考慮要將所有的 Windows Domain Controller 虛擬化,所以想先確認是否會對其效能或其它Application 造成影響,您可以參考官方的 DC 虛擬化的考量手冊:
Planning Considerations for Virtualized Domain Controllers
上述參考資料其中提到了 Domain Controller 的優缺點如下圖內容所示:
上述也提到,在相同規格的硬體條件下在一個較為複雜的環境中,使用虛擬化的 Domain Controller 會比使用實體機器的 Domain Controller 減少 2~12% 的效能, 換言之,即使在最嚴格的條件下,除非您客戶目前執行在實體機器中的 Domain Controller 經常處於效能滿載的瓶頸中,否則執行虛擬化並不會對現有的環境有重大的效能影響.
您可以參考同一文章中針對 Domain Controller 在實體機器與虛擬機器的效能測試比較結果圖表:
此外,若您屬於中大型的架構則建議應該考慮將擔任 PDC Emulator 的 Domain Controller 放在實體機器中而不是將之虛擬化,如下圖之說明.
最後為了避免因為執行 Hyper-V 的機器或軟體本身的問題而造成整個 AD Domain 服務的停擺,會建議您在每一個 AD Domain 中至少保留 1~2 台的 Domain Controller 執行於實體機器中.
如果您的環境中有 Exchange Server,則針對 Exchange Server 的效能影響部份我們建議在一個中大型 ( 超過 500 個信箱 ) 且使用大量通訊群組 (Distribution Group) 的 Exchange 環境中, 擔任 GC(Global Catalog Server) 角色的 Domain Controller 為了效能考量,應該考慮將這些 GC Server 執行於實體機器上.
2011年3月30日 星期三
2011年3月29日 星期二
Windows 2003 RMS能否與 Windows 2008 AD RMS 共存使用
可以參考下列 TechNet 官方的網址說明:
Join additional servers to the AD RMS cluster
在上述內容中提到,一旦將新版的 AD RMS Server 加入到舊版的 Windows RMS Server 的叢集中之後 Windwos 2008/2008 R2 的 AD RMS 就會變更 RMS 的 Configuration Database Schema,而舊版的 Windows RMS Server 會因為這個改變而無法繼續處理用戶端的 RMS 請求.因此,在升級過程中您在安裝第一台 Windows 2008/2008 R2 的 AD RMS Server 之後,就應該要立即將其它舊版的 Windows RMS Server 進行取代的動作.
而上述的文件中也提到在 AD RMS 叢集中的所有 RMS Server 都必需執行相同版本的 Windows Server,所以現有環境可以將 Windows RMS 進行升級或轉移的動作,但無法讓兩個不同版本 Windows Server 的 RMS Server 同時處理 RMS Client 的要求.
Join additional servers to the AD RMS cluster
在上述內容中提到,一旦將新版的 AD RMS Server 加入到舊版的 Windows RMS Server 的叢集中之後 Windwos 2008/2008 R2 的 AD RMS 就會變更 RMS 的 Configuration Database Schema,而舊版的 Windows RMS Server 會因為這個改變而無法繼續處理用戶端的 RMS 請求.因此,在升級過程中您在安裝第一台 Windows 2008/2008 R2 的 AD RMS Server 之後,就應該要立即將其它舊版的 Windows RMS Server 進行取代的動作.
而上述的文件中也提到在 AD RMS 叢集中的所有 RMS Server 都必需執行相同版本的 Windows Server,所以現有環境可以將 Windows RMS 進行升級或轉移的動作,但無法讓兩個不同版本 Windows Server 的 RMS Server 同時處理 RMS Client 的要求.
2011年3月23日 星期三
Microsoft Excel Web App Error (Open & Edit from the Web Site)
使用Excel Web Access會發生如文字與下圖的錯誤訊息,"The file that you selected could not be found. Check the spelling of the file name and verify that the location is correct."
解決方法:
在SharePoint 2010 Central Administration中的System Settings,設定AAM (Alternate Access Mappings),您應該選擇Local Application,並且設定Url格式如同"http://SharePointServer:10000",接著編輯Public URLs,in the internet box you fill your internet url ,then click ok,and test,it works !!!
解決方法:
在SharePoint 2010 Central Administration中的System Settings,設定AAM (Alternate Access Mappings),您應該選擇Local Application,並且設定Url格式如同"http://SharePointServer:10000",接著編輯Public URLs,in the internet box you fill your internet url ,then click ok,and test,it works !!!
Microsoft Word Web App Error (Edit from the Web Site)
2011年3月21日 星期一
Windows KMS Server 在啟用上是否有最低數量的限制 ?
目前環境有五套的 Windows Server 2008 以及不滿 25 套的 Windows 7, 在此情況下是否都可以透過 KMS Server 進行產品啟用 ?
有關 Windows KMS Server 的運作請參考 FAQ 網址:
http://www.microsoft.com/licensing/existing-customers/product-activation-faq.aspx
其中資料提到 KSM Server 的啟用運作如下圖所示:
從上圖可以清楚知道,若要透過 KMS Server 啟用 Windows Server 2008/2008 R2 則必需在網路上有 5 套 ( 含 ) 的伺服器向 KMS Server 提出啟動要求才會運作.
而若要啟用 Windows Vista 或 Windows 7 則必需在企業網路上要有 25 套 ( 含 ) 的用戶端電腦向 KMS Server 提出啟動要求才會運作.
所以,目前環境中僅能透過 KMS Server 啟用 Windows Server 2008 伺服器,而無法啟用 Windows 7( 因為數量不足 25 套 ).
若目前環境中 Windows 7 + Windows Vista 不足 25 套的話則可以透過 MAK 手動輸入金鑰的方式來啟動 Windows.
有關 Windows KMS Server 的運作請參考 FAQ 網址:
http://www.microsoft.com/licensing/existing-customers/product-activation-faq.aspx
其中資料提到 KSM Server 的啟用運作如下圖所示:
從上圖可以清楚知道,若要透過 KMS Server 啟用 Windows Server 2008/2008 R2 則必需在網路上有 5 套 ( 含 ) 的伺服器向 KMS Server 提出啟動要求才會運作.
而若要啟用 Windows Vista 或 Windows 7 則必需在企業網路上要有 25 套 ( 含 ) 的用戶端電腦向 KMS Server 提出啟動要求才會運作.
所以,目前環境中僅能透過 KMS Server 啟用 Windows Server 2008 伺服器,而無法啟用 Windows 7( 因為數量不足 25 套 ).
若目前環境中 Windows 7 + Windows Vista 不足 25 套的話則可以透過 MAK 手動輸入金鑰的方式來啟動 Windows.
File Transfer Failures
Problem:
While attempting to upload a file using the Group Chat Client Console, the following error may be displayed :
Cause:
Group Chat Web Service is unable to write the file to the File Repository due to insufficient permissions.
Resolution:
In the properties of the MGCWebService virtual directory in IIS on the Group Chat server, configure Anonymous Access to use an account that is a member of the RTCComponentUniversalServices group.
By default, the IUSR account is used for Anonymous Access in IIS. This account does not have access to the File Repository (share) used by Group Chat.
While attempting to upload a file using the Group Chat Client Console, the following error may be displayed :
Cause:
Group Chat Web Service is unable to write the file to the File Repository due to insufficient permissions.
Resolution:
In the properties of the MGCWebService virtual directory in IIS on the Group Chat server, configure Anonymous Access to use an account that is a member of the RTCComponentUniversalServices group.
By default, the IUSR account is used for Anonymous Access in IIS. This account does not have access to the File Repository (share) used by Group Chat.
2011年3月15日 星期二
Insufficient Display of Chat History
Problem:
Upon logging in to Group Chat, an insufficient amount of Chat History is displayed in the Group Chat Client Console.
Cause:
Product limitation, retrieval of backchat data from SQL database is expensive operation.
Resolution:
This is a perception issue, based on erroneous assumption of how product works.
Retrieval of chat history at user logon is limited to 50 lines, regardless of client setting.Decision was made to limit data retrieval upon user logon due to performance concerns.Chat History can still be searched, but only for Chat Rooms where Chat History is enabled.
Upon logging in to Group Chat, an insufficient amount of Chat History is displayed in the Group Chat Client Console.
Cause:
Product limitation, retrieval of backchat data from SQL database is expensive operation.
Resolution:
This is a perception issue, based on erroneous assumption of how product works.
Retrieval of chat history at user logon is limited to 50 lines, regardless of client setting.Decision was made to limit data retrieval upon user logon due to performance concerns.Chat History can still be searched, but only for Chat Rooms where Chat History is enabled.
Installation Failure – Multiple Domains
Problem:
Installing Group Chat into a different AD Domain than where OCS Groups exist will result in the following error:
* Error Applying Changes - Group 'RTCComponentUniversalServices‘ is not
found in Active Directory
Cause:
Group Chat installer will only search for OCS Groups using the default
naming context of current domain.
Resolution:
1) Create temporary set of OCS Groups that mirror the real OCS Groups and their membership in Active Directory Domain where Group Chat will be installed.
2) Create new security group called RTCGroupChatServices in domain where Group Chat
will be installed, and add the Group Chat service accounts to the membership of this group
3) Add the RTCGroupChatServices group to Message Queuing service with Full Control rights
4) Install Group Chat
Installing Group Chat into a different AD Domain than where OCS Groups exist will result in the following error:
* Error Applying Changes - Group 'RTCComponentUniversalServices‘ is not
found in Active Directory
Cause:
Group Chat installer will only search for OCS Groups using the default
naming context of current domain.
Resolution:
1) Create temporary set of OCS Groups that mirror the real OCS Groups and their membership in Active Directory Domain where Group Chat will be installed.
2) Create new security group called RTCGroupChatServices in domain where Group Chat
will be installed, and add the Group Chat service accounts to the membership of this group
3) Add the RTCGroupChatServices group to Message Queuing service with Full Control rights
4) Install Group Chat
Installation Failure on Windows 2008
Problem:
Installing Group Chat into a Windows 2008 server may result in the following error:
Cause:
Group Chat installer requires the SeImpersonatePrivilege right to create the MGCWebService virtual directory under the Default Web Site in IIS 7.0.
Resolution:
Run the installer using the elevated privileges of the built-in Administrator account.
On a Windows 2008 computer, this privilege is automatically granted in the security token of the Domain\Administrator account (Built-in account for administering the computer/domain), but not for other members of Domain Admins. To prove this you can use the Whoami utility.
Whoami.exe /all (logged in as Domain\Administrator)
Installing Group Chat into a Windows 2008 server may result in the following error:
Cause:
Group Chat installer requires the SeImpersonatePrivilege right to create the MGCWebService virtual directory under the Default Web Site in IIS 7.0.
Resolution:
Run the installer using the elevated privileges of the built-in Administrator account.
On a Windows 2008 computer, this privilege is automatically granted in the security token of the Domain\Administrator account (Built-in account for administering the computer/domain), but not for other members of Domain Admins. To prove this you can use the Whoami utility.
Whoami.exe /all (logged in as Domain\Administrator)
2011年3月14日 星期一
Allow Mailbox Access in Exchange 2010
Use the EMC to grant Full Access permission for a mailbox :
1. In the console tree, navigate to Recipient Configuration > Mailbox.
2. In the result pane, select the mailbox for which you want to grant Full Access permission.
3. In the action pane, under the mailbox name, click Manage Full Access Permission. The Manage Full Access Permission wizard opens.
4. On the Manage Full Access Permission page, click Add.
5. In Select User or Group, select the user to which you want to grant Full Access permission, and then click OK.
6. Click Manage.
7. On the Completion page, the Summary states whether Full Access permission was successfully granted. The summary also displays the Shell command used to grant Full Access permission.
8. Click Finish.
Use the Shell to grant Full Access permission for a mailbox :
Add-MailboxPermission "User A" -User "User B" -AccessRights FullAccess
Use the Shell to grant Receive As permission for a mailbox database :
Add-ADPermission -Identity "DB" -User "User A" -ExtendedRights Receive-As
* You can't use the EMC to grant Receive As permission for a mailbox database.
1. In the console tree, navigate to Recipient Configuration > Mailbox.
2. In the result pane, select the mailbox for which you want to grant Full Access permission.
3. In the action pane, under the mailbox name, click Manage Full Access Permission. The Manage Full Access Permission wizard opens.
4. On the Manage Full Access Permission page, click Add.
5. In Select User or Group, select the user to which you want to grant Full Access permission, and then click OK.
6. Click Manage.
7. On the Completion page, the Summary states whether Full Access permission was successfully granted. The summary also displays the Shell command used to grant Full Access permission.
8. Click Finish.
Use the Shell to grant Full Access permission for a mailbox :
Add-MailboxPermission "User A" -User "User B" -AccessRights FullAccess
Use the Shell to grant Receive As permission for a mailbox database :
Add-ADPermission -Identity "DB" -User "User A" -ExtendedRights Receive-As
* You can't use the EMC to grant Receive As permission for a mailbox database.
2011年3月9日 星期三
Outlook 語系調整
Outlook 安裝後與預設的 Office 語系不同,請參考下列步驟來完成修正
1. 開始 -> Microsoft office -> Microsoft Office 2010 工具 -> 調整 Microsoft Office 2010 語言喜好設定
2. 確定預設語言為版本後,執行指令: outlook.exe /resetfoldernames ,Outlook 2010 重新開啟後應會正常顯示預設的版本
1. 開始 -> Microsoft office -> Microsoft Office 2010 工具 -> 調整 Microsoft Office 2010 語言喜好設定
2. 確定預設語言為版本後,執行指令: outlook.exe /resetfoldernames ,Outlook 2010 重新開啟後應會正常顯示預設的版本
訂閱:
文章 (Atom)
Skype for Business 相關問題
Microsoft Teams 擴展了 Skype for Business 功能,將聊天、會議、通話、協同合作、應用程式和檔案儲存整合到一個介面中。這個新的團隊合作中心可以幫助簡化使用者完成工作的方式,提高使用者滿意度,並加速業務結果。作為一個現有的 Skype for Bus...
-
錯誤訊息如下: 解決方法: 試試看檢查下面幾項動作 1.Netlogon Service有沒有啟動或者服務重新啟動 2.是否有此值 HKLM\System\CCS\Services\NTDS\Parameters 底下的 "DSA Not Writable...
-
問題描述 : OfficeScan 伺服器中的 Bsdiff.exe 占用過高的 CPU 使用率 解決方法 : Bsdiff.exe 是整合式雲端截毒伺服器的程序之一,功能為建立不同的 Smart Query Pattern 。 若 CPU 突然飆升,有可能是它正在...