Restore Dumpster Items from Exchange 2013 Backup

Restoring mail from the ‘Recover Deleted Items’ section aka the dumpster from an Exchange 2013 Backup database.

All of the following commands were run through the Exchange Management Shell. This is easiest done if the database & log folder have been restored (we used Backup Exec 2014) to a local drive on the Exchange Database Server.


Navigate to the root directory of the restore:

cd I:\Exchange

Check the state of the database file, you’ll need to scroll back up a little to check the result. It is most likely ‘State: Dirty Shutdown’

eseutil /mh '.\Mailbox Database.edb'

The database needs to be cleaned before it can be mounted, you can replay the logs against the database with the following command.
Check the Logfolder to view the log number, the file name will be like ‘E00.log’ or ‘E01.log’ etc. Insert that into the next command with the /r switch.

eseutil /r "E00" /l "I:\Exchange\LogFolder\" /d "I:\Exchange\Mailbox Database.edb"

For me, unfortunately the log files were corrupt and/or missing (thanks BE2014!), so I had to force repair the database.
Only run this if the previous repair command would not work, it has a chance to drop data from the database you are recovering.

eseutil /p '.\Mailbox Database.edb'

Once either the clean or the force repair has completed, once again check the state of the database, it should read ‘Clean Shutdown’.

eseutil /mh '.\Mailbox Database.edb'

Now we need to create the Recovery Database using our freshly cleaned Exchange Database (.edb) file.

New-MailboxDatabase -Server ExchangeDBServer -Name RecoveryDB -Recovery -EdbFilePath "I:\Exchange\Mailbox Database.edb -LogFolderPath "I:\Exchange\LogFolder\"

As we are only using this database temporarily, there is no need to restart the Microsoft Information Store service.
We can now mount the recovered database.

Mount-Database RecoveryDB

Check the database has mounted succesfully and contains items.

Get-MailboxStatistics -Database RecoveryDB | ft -auto

Awesome! We have successfully mounted our recovery database, now we need to search for the GUID of the mailbox we want to restore items from.

Get-MailboxStatistics -Database RecoveryDB | Where { $_.DisplayName -like "DisplayNameHere*" } | Format-List LegacyDN, DisplayName, MailboxGUID

Once you have the Mailbox GUID of the mailbox you want to restore from, we can run the following command.
-SourceStoreMailbox: The GUID of the mailbox we are restoring
-TargetMailbox: We cannot export directly to pst from a Recovery Database, so this TargetMailbox is an account in your live Exchange. For paranoia I created a test account in our live database to restore mail to
-TargetRootFolder: Creates a folder under the root (Same level as Inbox) level of the TargetsMailbox
-AllowLegacyDNMismatch: Because we aren’t restoring the SourceMailbox to the same persons LiveMailbox, we need this switch to allow us to restore to an alternate mailbox

New-MailboxRestoreRequest -SourceDatabase RecoveryDB -SourceStoreMailbox "fb32b60a-0643-4102-838f-7480f2467d4b" -TargetMailbox -TargetRootFolder SourceMailbox -AllowLegacyDNMismatch

That’s it! We can check the progress of the restore with:


Once this is marked completed, you can check the TargetMailbox and look for the TargetRootFolder you specified.

The dumpster items will be contained under ‘TargetRootFolder\Recoverable Items

Once you are finished restoring files, clear the Mailbox Restore Requests and then dismount the database.

Get-MailboxRestoreRequest | Remove-MailboxRestoreRequest
Remove-MailboxDatabase -Identity RecoveryDB

Total Views: (209)

Surface Pro 3 PXE Boot skips IPv4

Surface Pro 3 PXE Boot skips IPv4, Surface Pro 3 PXE goes straight to IPv6.

After PXE Booting the SP3, you could see it flash something after the message about IPv4 and goes straight to IPv6, then eventually times out and boots normally.

I used my iPhone Slow-mo camera to record this process and then view what it was actually flashing on the screen before jumping to IPv6.

“Downloading the NBP File…

Succeed to download NBP file.”

Okay, so a lot of people mentioned requiring “ip-helper” on switches & disabling then DHCP options 66/67 but neither of these seemed to help. I also updated the firmware on the device but this also made no difference.

What did up being the solution was our DHCP options pointed to the x86 NBP file “SMSBoot\x86\” – as the Surface Pro 3’s are x86 – just changing this DHCP option to “SMSBoot\x64\” immediately fixed the issue!


This issue came back again shortly after.

After tracing the SMS_DP$\sms\logs\SMSPXE.log file, I could see the SP3 coming up with “C0:33:5E:74:6A:E7, 3AA0B669-B048-2D73-4942-0D4E0428F92D: device is in the database. SMSPXE 18/08/2015 1:48:09 PM 1244 (0x04DC)”

So, the NBP file was successful in downloading, but there were no valid task sequences or boot images for this device because it was no longer under the ‘Unknown Computer’ collection… but.. this was supposed to be a completely fresh Surface Pro 3!? The answer… the MAC Address seen above relates to the USB Gigabit Ethernet device… the one that is shared amongst the IT team when imaging these Surface Pro’s…. So a temporary solution is to remove the existing device from SCCM.

This can be done by running the following query under the Monitoring tab:

select SMS_R_System.Name, SMS_R_System.Client, SMS_R_System.ClientVersion, SMS_R_System.MACAddresses from  SMS_R_System where SMS_R_System.MACAddresses like ##PRM:SMS_R_System.MACAddresses##

However, you can’t really do this for each device you image with SCCM if you are only using the one ethernet adapter for the process.

A little more searching brings up this article – How to Use The Same External Ethernet Adapter For Multiple SCCM OSD

Update two:

After having this issue once again, this time on a Surface pro 4, and searching the database for the MAC address resulted in empty.

This time, check the SMSPXE.log and look for the ‘ItemKey’ field.

“Client boot action reply: <ClientIDReply><Identification Unknown=”0” ItemKey=”2046820353″ .. blah”

With this you can look in the SCCM Console -> Assets -> Devices. Enable the ‘Resource ID’ column and match it up to the same computer – this you will need to remove in order to PXE boot the machine.

Total Views: (2237)

Diagnosing missing webapp data through MSSQL

The case of all recently made redundant employee’s had disappeared from our HRM after they received the payout.

Return all the recently run queries:

SELECT deqs.last_execution_time AS [Time], dest.text AS [Query], dest.*
FROM sys.dm_exec_query_stats AS deqs
CROSS APPLY sys.dm_exec_sql_text(deqs.sql_handle) AS dest
WHERE dest.dbid = DB_ID('databasename')
ORDER BY deqs.last_execution_time DESC

Searched the recent results for the table ‘q2employees’ as this references all the employee details, I knew this would need to be included.

One of these large queries pointed to a view called ‘q2vEmployeeDirectory’, bingo. Using ‘Design’ to look at the query that runs this view it looked like the following.

SELECT dbo.q2employees.emp_code,
{ fn LCASE(dbo.q2employees.surname) } AS
{ fn LCASE(dbo.q2employees.given_name) } AS
WHEN dbo.q2employees.preferred_name IS NULL THEN
dbo.q2employees.given_name + ' '
+ dbo.q2employees.surname
ELSE dbo.q2employees.preferred_name + ' '
+ dbo.q2employees.surname
(SELECT payer_name
FROM dbo.q2payer_groups
WHERE ( dbo.q2employees.co_id = co_id )
AND ( dbo.q2employee_pay_details.payer_id = payer_id )) AS
FROM dbo.q2employee_pay_details
INNER JOIN dbo.q2employees
ON dbo.q2employee_pay_details.emp_code = dbo.q2employees.emp_code
LEFT OUTER JOIN dbo.q2department_employees
ON dbo.q2employees.emp_code =
WHERE ( dbo.q2employee_pay_details.date_term IS NULL )

Which gave me the hint at the very end:

WHERE ( dbo.q2employee_pay_details.date_term IS NULL )

So, to return all employee’s back into the directory this is easily fixed by setting the date_term field back to NULL.

UPDATE q2employee_pay_details
SET date_term = NULL;

Total Views: (101)

The updater cannot find a qualifying product on the system – FileMaker Pro

Trying to install or un-install FileMaker Pro 13 resulted in the following error message:
“The updater cannot find a qualifying product on the system”

To rectify this issue I ensured all files (and the folder itself) were deleted from C:\Program Files (x86)\FileMaker \FileMaker Pro 13\

You will also need to run ‘regedit’, search for ‘FileMaker Pro 13’ and delete the 2 references for the un-installer. (Found in HKEY_CLASSES_ROOT\Installer\Products\C31F0FC6E96497945A77D33A65E3CE72 and HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{7ADA4FC4-8D25-44F7-AB2D-2F91DCCE1604}_FileMaker)

After this is done you should be able to succesfully re-install FileMaker Pro 13 and the subsequent updates (v.02, v.03, v.05).


Total Views: (481)

Ignore all Logwatch Pattern in check_mk

Using Nagios with Check_MK I wanted to ignore all of the Windows Event log files from producing any errors or warning for the host.

To do this, open up your site -> WATO:Configuration -> Hosts & Service Parameters -> Parameters for Inventorized Checks -> Logwatch Patterns

Add a pattern, and set the following properties:
State: Ignore
Pattern (regex): .*
Comment: Ignore all event logs

ignore all logwatch pattern check_mk

Total Views: (1473)

Update SharePoint list from CSV File using Powershell

Updating a SharePoint list from a CSV File using PowerShell. Only update the matching list items, does not create new entries.
This checks the SharePoint list for the two columns, ‘Employee’ and ‘Titlex’ – and then will update them matching the csv file to the ‘givenName + sn’ fields.
It updates only the ‘Primary Program’ SharePoint Column to the ‘company’ column in the CSV File.

The CSV File would look like:
givenName, sn, company
John, Smith, Accounting

Or could be obtained from Active Directory using:

Get-ADGroupMember $groupFilter | Get-ADUser -Properties * | Select givenName, sn, company | Export-CSV Export.csv -NoType

"Updating SharePoint List..."
foreach ($row in $tblData){
$accountName = $row."givenName".ToString() + " " + $row."sn".ToString()
$item = $spData.Items.Add()
$item = $spData.Items | where {($_['Employee'].substring(5) -like $accountName) -or ($_['Titlex'] -like $accountName)}
$item["Primary Program"] = $row."company".ToString()

Total Views: (880)

check_mk_active_sql! Return code of 127 is out of bounds – plugin may be missing

Running OMD 1.10 with Check_MK trying to monitor MSSQL on a Windows Server.

To configure a check I went to WATO – Host & Service Parameters -> Active Checks -> Check SQL Database

Add a new check and configure the appropriate config (Type, name, user, pass, sql-statement) and enable Performance Data.

However this was throwing the error ‘Return code of 127 is out of bounds – plugin may be missing’.

This fix for this was to copy /opt/omd/versions/default/share/doc/check_mk/treasures/active_checks/check_sql to /opt/omd/sites/YOURSITE/lib/nagios/plugins

Then add the execute permission to it (chmod +x check_sql).


Total Views: (4034)

IPTables postrouting on a virtual interface

I had a use case where I wanted to send traffic from one specific machine in our network out one specific public IP. Fortunately or unfortunately all of our additional public IPs are set up as virtual interfaces of our main fibre internet line.

This is the solution I used, just set the interface (with -o) to the physical connection, and then change it to the correct IP using –to-source.

No need for routing tables!

IPTABLES -t nat -A POSTROUTING -o eth0 -s $internalPC -j SNAT --to-source $publicIP

Total Views: (264)

Cannot Insert Object ActiveX Control – Excel 2010

Recently received the error message ‘Cannot Insert Object’ when trying to add an ActiveX Control to a new excel document, and also when trying to use controls from existing documents.

Thanks to an unrelated issue I found the following post which described the exact issue I was  having.

The simple solution.
Uninstall Security Update for Microsoft Office KB2553154

Start -> Control Panel -> Programs and Features -> View Installed Updates -> Right-Click-> Uninstall.

To remove this from all computers in a domain:
Open the WSUS console, right-click on Updates and click Search. Type in 2553154 and click Find Now. Right-click on the Security Update and click Approve… then right-click on the All Computers group and select ‘Approved for Removal.‘ Make sure this applies to any groups you have below and press Okay!

Total Views: (704)