Thank you..   Regarding the restore.. the Exchange technichian hadn´t checked from user side 🙂 He just looked from SMBR, and as you said.. there it shows create date as the date you restored it. So that´s solved..     The other question. I think I was a little un-clear. What they would like to do is to create pst files from disconnected mailboxes.   And as they can´t connect to them from powershell, they can only connect to them via snapshots. They was wondering of they could connect to a snapshot of a database and then mark what disconnected mailboxes they wanted to create pst files from. For example.. If they have 5000 disconnected mailboxes and want to extract 500 of them as pst files.. they can´t do it from Powershell (active export).. Is there a way to do them in "bulk" from snapshot?   //Henrik ... View more

Hi guys! Just a small tip, if you didn´t know.. but you don´t have to drop to node shell.. you can run the whole command in one line as long as you know your path. So for exampel: cluster01::> node run -node cluster01-01 "priv set diag;ls /vol/dfs_doc/DOC"   This will give you the output directly in cluster view, and you don´t need to skip between cluster view and node view.   Cheers.   ... View more

Did you fix it?   Looking for the same on my Clustered Ontap environment. Had one customer to run full due to the fact that we migrated from a smaller controller to a bigger.. and the maxdir_size was set according to the older/smaller controller.   Now they wanna monitor it with alerts.. but can´t seem to find where to go ... View more

Thanks Andrew!  (just saw that you are the guy from practical-admin.com  .. cool)   Anyhow.. As I said, I´m very new to PS. A regular "Get-Childitem" command should do the trick to find the files.. So far I´m good. But when it comes to the NPTK, I find it a bit difficult. First, If I get a list from the GCI command where the output finds the correct path to the files, it´s still only the SMB path. So I need to find the correct volume/qtree path etc in the controller to get to the next step. Next I need to find the version where the file isn´t infected.. maybe that needs to be done manually.. or could one use the create timestamp from the *.decrypted file in some way. Then I thought about if, in someway, one can use the command below in a PS script: snap restore -t file /vol/svmvolume/qtree/folder/file -s nightly.0     Today we use the following way. We find the point in time where the files are OK, clone that snapshot and then mount it and share out the volume to a "restore" share. Then mount the infected area to U: (for exampel) and the restore to Y:. Then we use robocopy to receive the filename and use PS to copy the to destination.   #robocopy 'U:\Folder' null /l /e /fp | select-string 'decrypted' | out-file c:\temp\decrypted.txt     $x=get-content c:\temp\decrypted.txt   $i=$null $J=$null foreach ($i in $x){  $i=$i.trim('.decrypted')   $i   $j=$i -replace "u:" , 'y:'   $j   copy-item "$j" -destination "$i" } I just thought if that can be done through Snap Rrestore in NPTK, It might go a little faster?         We have also worked with To list the encrypted files below script is used:   #robocopy 'U:\folder' null /l /e /fp | select-string 'decrypted' | out-file c:\temp\decrypted.txt   To restore the files from backup:   robocopy "\\NAS\restore_share$" "\\NAS\original_path" /COPYALL /DCOPY:T /B /SEC /E /R:0 /W:0 /log:"c:\temp\output.txt" /nfl /ndl /TEE ... View more

That´s the problem.   Sometimes not all files are affected in a cryptoware attack. And usually the customers don´t allow us to restore on folder level. Say they have 10 qtrees in that volume. And in that qtree they have X number of folders. If 1 folder has ten thousands of files and get affected, but only 80% of the files are decrypted. the customer only want the affected files restored.. not the whole folder. That´s my dilemma.. Otherwhise I just would have done a restore from OCUM ... View more

We had a couple of more incidnets with ransomware.   I thought of fpolicy. Can we create an fpolicy to prevent someone to encrypt the files. All files are left, but they are named file.encrypted instead of file.excel for exampel.   Does anyone know how the ransom engine works. Does it copy the original file and paste an ecrypted version? Or does it just rename it?   if it copys and replace it.. I don´t think a fpolicy is goog, because then it can remove all files and the option to get lists with affected files are then gone. If it only renames it, it might work   thoughts? ... View more

I updated.. OK to delete the SVM now ... View more

Hi!   Did you figure it out? As I understand you need SMB3.02 support, but maybe that´s changed.     ... View more

I just searched for webdav information for cDot.. But it seems that both webdav and http wasn´t ported over to cDot from 7-mode.   Did YOU get any more information about it? ... View more

No, Sorry .. no solution at this moment.   I have a case open about this now, and we are scheduled to have a webex session tomorrow. Will update this post when I have any more information.   BTW, got information that there´s a burt on this, 908671 . But it´s internal so far, so no public information.   But it did mention this could happen if you uppgrade from 8.2.x to 8.3, which we have done.     ... View more

Well we have followed those steps, and we have deleted SVMs before.   This is the first time we get the particular error message. ... View more

Thanks mate..   I hade the same problem. But both my SVM and my volumes where part of the same aggregata alreaddy, but it was not under the  "List of Aggregates Assigned: " option. (when I ran the 'vserver show' command) So added it in and it worked.   Thanks   ... View more

Thank you so very much.   This was a a legacy from a 7-mode transition we did last summer. I checked the transition output and it pointed to an old 7-mode system.   Deleted it and now it works.   Thanks again   ... View more

Thanks.   Also noticed that SnapManager service does a CRL check before starting.. So you need to have internet connection to start the service... or change Internet Explorer options to not check for Cert on the service account used to start SME.     ... View more

Hi! Do you have any update on the new OpenSSL issue? DTLS invalid fragment vulnerability (CVE:2014-0195) and SSL/TLS MITM vulnerability (CVE:2014-0224) Will this document be updated or will you have new ones for these? ... View more