Gmail IPv4 Addresses for Whitelisting on Exchange

I needed to parse Google’s Gmail SPF records in order to configure the IP Allow List on my Edge Transport server, so I figured I’d post the result so you don’t have to go through the trouble.

If you’re wondering, run nslookup against the following names to get the SPF records:

nslookup -q=TXT _netblocks.google.com 8.8.8.8

nslookup -q=TXT _netblocks2.google.com 8.8.8.8

nslookup -q=TXT _netblocks3.google.com 8.8.8.8


Each query returns a TXT record; strip the SPF syntax from it and keep only the network blocks, which I’ve done for you below.  netblocks2 appears to hold all of the IPv6 address blocks, but I didn’t bother with those for my environment.  The task is pretty much the same for IPv4 or IPv6: get the record, delete the surrounding data and preserve the blocks, script that into Exchange via CSV and Add-IPAllowListEntry -IPRange &lt;subnet&gt;, and you should be good to go!

This list is current as of 2016-06-15.

64.18.0.0/20
64.233.160.0/19
66.102.0.0/20
66.249.80.0/20
72.14.192.0/18
74.125.0.0/16
108.177.8.0/21
173.194.0.0/16
207.126.144.0/20
209.85.128.0/17
216.58.192.0/19
216.239.32.0/19
172.217.0.0/19


I restarted my transport services for good measure (in Exchange Shell):

Restart-Service MSExchangeTransport
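The steps above, scripted end to end as an added example (not from the original post): the ip4: blocks are pulled straight out of Google’s SPF TXT records and fed to the Edge Transport IP Allow List, so the list can be refreshed whenever Google changes it. It assumes Resolve-DnsName (Windows DnsClient module) and an Edge Transport Exchange Management Shell session.

```powershell
# Added example (not from the original post): refresh the Edge Transport IP Allow List
# from Google's published SPF netblocks instead of hand-editing the TXT records.
# Assumes Resolve-DnsName (DnsClient module) and an Edge Transport Exchange Management Shell.

function Get-SpfIp4Block {
    # Returns the unique ip4: CIDR blocks listed in one SPF TXT record.
    param(
        [Parameter(Mandatory)][string]$Name,
        [string]$DnsServer = '8.8.8.8'
    )
    $answers = Resolve-DnsName -Name $Name -Type TXT -Server $DnsServer -ErrorAction Stop |
        Where-Object { $_.Type -eq 'TXT' }
    # A long TXT record may be split into several strings; re-join them before tokenising.
    $record = ($answers | ForEach-Object { $_.Strings -join '' }) -join ' '
    if ($record -notmatch '^v=spf1') { throw "$Name did not return an SPF record: '$record'" }
    $blocks = foreach ($token in ($record -split '\s+')) {
        # Keep only ip4: mechanisms; ip6:, include: and the ~all qualifier are dropped.
        if ($token -match '^ip4:(\d{1,3}(\.\d{1,3}){3}(/\d{1,2})?)$') { $Matches[1] }
    }
    $blocks | Sort-Object -Unique
}

# The three netblock records the post queries; netblocks2 is IPv6-only and contributes nothing here.
$gmailBlocks = '_netblocks.google.com', '_netblocks2.google.com', '_netblocks3.google.com' |
    ForEach-Object { Get-SpfIp4Block -Name $_ } | Sort-Object -Unique

# Ranges already on the allow list are skipped so the script can be re-run safely.
$existing = @(Get-IPAllowListEntry | ForEach-Object { $_.IPRange.ToString() })
foreach ($cidr in $gmailBlocks) {
    if ($existing -contains $cidr) { continue }
    # Allow-listed ranges are exempt from the other anti-spam agents, so date the comment:
    # a stale entry is a standing exception you will want to be able to find again later.
    Add-IPAllowListEntry -IPRange $cidr -Comment "Google SPF netblock $(Get-Date -Format yyyy-MM-dd)" -WhatIf
}
```

Remove -WhatIf once the dry run lists the ranges you expect; entries that later drop out of Google’s records are not removed by this script, so review Get-IPAllowListEntry when you re-run it.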

Happy emailing!


Posted in Exchange, Firewall, GMail, Google, Rules

Cluster Hanging Hyper-V 2012 and/or 2012R2

A recent client was experiencing issues in their Hyper-V cluster, where we could neither migrate virtual machines nor manage the cluster from a particular host.  Not all hosts seemed to exhibit this issue, but we did notice MAC address conflicts in the event logs.  The Event ID we were getting was 16945, which you can read about here:

http://social.technet.microsoft.com/wiki/contents/articles/31357.hyper-v-mac-address-conflict-event-16945.aspx

Microsoft describes here how a NIC team uses MAC addresses, which depends entirely on the teaming mode you use (dynamic, static, etc.):

https://technet.microsoft.com/en-us/library/mt179273.aspx


However, what they don’t say is that the team’s traffic may reuse the MAC addresses of the underlying physical NICs, which then causes communication problems in your cluster.

In order to rectify duplicate MAC addressing, you can assign a new MAC to the teamed interface.  See here for my post on locally administered MAC addressing to use “private” MAC ranges on those teams, so that you can minimize the likelihood of having a duplicate:

http://www.iliketodoit.com/2016/03/10/mac-address-management-and-hyper-v-without-system-center/

Special thanks to Joe @ http://www.imvirtus.com/ for researching the event ID associated with the issue.  What we decided to do was come up with one private MAC scheme for the host pool, which gets handed out to the VMs, and another for the NIC teams that allowed us to identify the primary NIC associated with that team.

Hope this helps, and happy virtualizing everyone!


Posted in Hyper-V, Microsoft Technologies, Virtualization

MAC Address Management and Hyper-V – without System Center

System Center is great for managing your virtual environment, but what if you do not have the resources (human or capital) to use it?  Hyper-V is either free or included with your Windows licensing, and the benefits of a virtual environment make it foolish to leave unused.

Having spent my IT career with Managed Service Providers (MSPs), I have had to solve by hand a number of problems that the enterprise world gets handled automatically, after implementing expensive software and spending a large number of people-hours.  One of those is MAC address management across same-site and disparate-site deployments linked together by a Remote Monitoring and Management (RMM) platform such as Kaseya or LabTech.

The default behavior of Hyper-V includes assigning MAC addresses dynamically to Virtual NICs that are configured on the host. The algorithm used to determine that pool is limited in scope, which can create duplicate addresses across hosts in the same site (if you use more than a single host) as well as across client locations if your machines check into an RMM.

By default Hyper-V uses Microsoft’s Organizationally Unique Identifier (OUI) 00:15:5D, followed by two hexadecimal pairs derived from the IP address of the host, followed by a final hex pair in the range 00-FF. See here for details. Since the pool is determined solely by the host’s IP address, deploying more than one host to that subnet makes MAC address conflicts on the network entirely likely.  Additionally, if you use an RMM that identifies machines by MAC address, you are much more likely to encounter this issue.  Many clients have overlapping subnets (think about how many you’ve inherited that use 192.168.1.x), so their guests end up with overlapping MAC addresses, all of which then check into your RMM.  Symptoms include client machines disappearing and client machines moving “randomly” between client locations.

In order to rectify this problem, I started researching private MAC address ranges.  I found that MAC addresses with the following format are “locally administered”, which is roughly the MAC-layer counterpart of private, non-routable IP addressing (much like the 192.168.1.x example above):

x2:xx:xx:xx:xx:xx

x6:xx:xx:xx:xx:xx

xA:xx:xx:xx:xx:xx

xE:xx:xx:xx:xx:xx

You can replace the x’s with any hex character, 0-F.  What I derived, however, was a way to document each of my client locations such that the first pair was used as an arbitrary starting point.  For example, 22.  The next three pairs I used for my client locations, which with my RMM meant that I’d be using only digits: 0-9.  If my RMM location ID (not site ID) was 307, for example, I’d use 22:03:07:xx:xx:xx.  The fifth pair I decided to use for a host ID at that specific location, which I’d match with my naming convention so it would easily identify which host that particular NIC (and therefore, virtual machine) resides on:  22:03:07:00:01:xx.  Now we can have site location 307 with the ability to have 256 hosts per site.  The last pair would then allow for 256 guest NICs per host.

We could of course tailor this to suit a smaller number of site locations and then increase the number of hosts/guests.  This particular setup worked well for me, and I won’t have to worry about changing it any time soon.  As long as you document somewhere which host IDs are in use, you shouldn’t ever run into a conflict with your guest MAC addresses.
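The scheme above in code, as an added example that is not part of the original post: it builds PP:LL:LL:LL:HH:GG addresses (locally administered prefix, RMM location ID, host ID, guest NIC index), checks the locally administered bit, and points a Hyper-V host’s dynamic MAC pool at its own 256-address slice. The function names, and laying the location out as 03:07:00, are my reading of the 22:03:07:00:01:xx example in the post.

```powershell
# Added example (not from the original post): generate the post's locally administered MAC
# scheme PP:LL:LL:LL:HH:GG and set a Hyper-V host's dynamic MAC pool to its slice of it.
# The 4-digit-plus-"00" layout of the location pairs follows the post's 22:03:07:00:01:xx example.

function Test-LocallyAdministeredMac {
    # True when the first octet has the local bit (0x02) set and the multicast bit (0x01) clear,
    # i.e. the first pair ends in 2, 6, A or E as the post describes.
    param([Parameter(Mandatory)][string]$Mac)
    $first = [Convert]::ToInt32(($Mac -replace '[:-]', '').Substring(0, 2), 16)
    return (($first -band 0x02) -ne 0) -and (($first -band 0x01) -eq 0)
}

function New-SiteMacAddress {
    param(
        [ValidatePattern('^[0-9A-Fa-f]{2}$')][string]$Prefix = '22',  # arbitrary locally administered pair
        [Parameter(Mandatory)][ValidateRange(0, 9999)][int]$LocationId, # RMM location ID, decimal digits only
        [Parameter(Mandatory)][ValidateRange(0, 255)][int]$HostId,      # matches the host naming convention
        [Parameter(Mandatory)][ValidateRange(0, 255)][int]$GuestIndex   # one per guest NIC on that host
    )
    # 307 -> 03:07:00, host 1 -> 01, guest 5 -> 05  =>  22:03:07:00:01:05
    $location = ('{0:D4}' -f $LocationId) -replace '(..)(..)', '$1:$2'
    $mac = '{0}:{1}:00:{2:X2}:{3:X2}' -f $Prefix, $location, $HostId, $GuestIndex
    if (-not (Test-LocallyAdministeredMac $mac)) { throw "$Prefix is not a locally administered prefix" }
    return $mac.ToUpper()
}

# Host 01 at location 307 owns the 256 addresses 22:03:07:00:01:00 through 22:03:07:00:01:FF.
$poolMin = (New-SiteMacAddress -LocationId 307 -HostId 1 -GuestIndex 0)   -replace ':', ''
$poolMax = (New-SiteMacAddress -LocationId 307 -HostId 1 -GuestIndex 255) -replace ':', ''
# Set-VMHost takes the pool bounds as 12 hex digits without separators; remove -WhatIf to apply.
Set-VMHost -MacAddressMinimum $poolMin -MacAddressMaximum $poolMax -WhatIf
```

Run it on each host with that host’s own -HostId so no two hosts at a location hand out the same pool; the location and host IDs still need to be recorded somewhere, as the post says.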

Posted in Hyper-V, Microsoft Technologies, Virtualization

Bulk User Creation Using PowerShell in Active Directory

I have created a New-ADUser PowerShell script to ease adding multiple users to Active Directory.  This script will fill in most of the available Active Directory user fields for you, so long as you modify them to suit your environment.

I have populated the fields most relevant to my needs, which may or may not be required for you.  Provided are the script, a text version of the code (the same as the .ps1 file but with a .txt extension so it is safe to download and view in a text editor), and a CSV file with the appropriate header fields and a test user filled out.

Please download, review, and if you find it acceptable, use it to populate your Active Directory with new users!

All I ask is that you leave the first commented section intact, but feel free to modify and distribute as you like.  If you find it helpful, or would like to see additions or modifications, I’d appreciate an email or a comment on my blog.  I really enjoy IT and making things less tedious, and this script should help you accomplish those goals.

Enjoy!

File Links:
bulk_create_users_from_csv_file.ps1

bulk_create_users_from_csv_file.txt

csvcontent.csv
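Since the linked script itself is not reproduced on this page, here is an added example (my own, not the post’s script) of the same CSV-to-New-ADUser pattern, with the checks I would want in it: skip accounts that already exist and give each new user a random, single-use initial password. The CSV columns, example.com and the OU are constructed sample values; it needs the ActiveDirectory module and rights on the target OU.

```powershell
# Added example (not the post's linked script): create accounts from CSV rows with New-ADUser,
# skipping users that already exist and setting a random initial password that must be changed.
# CSV columns, example.com and the OU below are constructed sample values.

function New-InitialPassword {
    # Random password from a CSPRNG; ChangePasswordAtLogon below makes it single-use.
    param([int]$Length = 16)
    $chars = [char[]]'ABCDEFGHJKLMNPQRSTUVWXYZabcdefghijkmnopqrstuvwxyz23456789!#%&*+-=?@'
    $bytes = New-Object byte[] $Length
    [System.Security.Cryptography.RandomNumberGenerator]::Create().GetBytes($bytes)
    -join ($bytes | ForEach-Object { $chars[$_ % $chars.Length] })
}

# Constructed CSV content standing in for: Import-Csv .\csvcontent.csv
$rows = @'
SamAccountName,GivenName,Surname,Department,Title,OU
jdoe,Jane,Doe,Finance,Analyst,"OU=Finance,OU=Users,DC=example,DC=com"
'@ | ConvertFrom-Csv

$upnSuffix = 'example.com'
foreach ($row in $rows) {
    if (Get-ADUser -Filter "SamAccountName -eq '$($row.SamAccountName)'") {
        Write-Warning "Skipping $($row.SamAccountName): account already exists"
        continue
    }
    $initial = New-InitialPassword
    $user = @{
        Name                  = "$($row.GivenName) $($row.Surname)"
        DisplayName           = "$($row.GivenName) $($row.Surname)"
        GivenName             = $row.GivenName
        Surname               = $row.Surname
        SamAccountName        = $row.SamAccountName
        UserPrincipalName     = "$($row.SamAccountName)@$upnSuffix"
        Department            = $row.Department
        Title                 = $row.Title
        Path                  = $row.OU
        AccountPassword       = (ConvertTo-SecureString $initial -AsPlainText -Force)
        ChangePasswordAtLogon = $true    # the random initial password is only good for first logon
        Enabled               = $true
    }
    New-ADUser @user -WhatIf             # remove -WhatIf once the dry run looks right
    # Hand the initial password over out of band; never write it back into the CSV.
    [pscustomobject]@{ SamAccountName = $row.SamAccountName; InitialPassword = $initial }
}
```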


Posted in Active Directory, Microsoft Technologies, PowerShell Scripts

Outlook 2011 Mavericks, delay email send script

Folks,


A friend of mine asked me to create a script that he could run in order to delay sending email, as for some reason Microsoft couldn’t implement this in Outlook on the Mac.

Here is a short script to do just that.  Set your time, folder, and account to your needs.

Get the account name from Preferences > Accounts and use the account description field exactly as shown there (copy and paste it).

Change the file extension to .scpt, and run it when you are ready to leave your computer.

From my testing, both Outlook and the script need to stay open.

Please feel free to ask if you need help, and I will do my best to respond!

Hope this helps you all!

Send Messages In Outlook POP

Posted in Apple, Microsoft Technologies, Office for Mac, OSX

Quick lessons I learned about Exchange 2013 in 2010 site

Well, I learned a quick lesson today about having new Exchange 2013 servers in my current 2010 site.

1.  Install the Mailbox server first (if you plan on separate CAS/MBOX roles.)

2.  To access the new control panel, use the server name and the version: https://yourservername/ecp?ExchClientVer=15

3.  Make sure to add Exchange Trusted Subsystem to the Administrators group.  This one drove me crazy until I realized that I had restricted groups set up via GPO.  Until you do this, expect to get IIS errors in the ECP on your new servers, stating:

An IIS directory entry couldn’t be created. The error message is Access is denied.

HResult = -2147024891

This apparently happened when running 2007 and introducing 2010 to the mix.  Remember to either gpupdate or preferably restart the 2013 servers once you add that entry!

Posted in Exchange

Just getting set up

Welcome to iliketodoit.com, a new site for those of us working in the Information Technology field.  As I am relatively new to System Administration, I know all too well the difficulty of absorbing the knowledge required of us.  Folks who do not work in IT expect us to know every piece of software, inside and out.

I am starting this blog to document the problems I am asked to solve and their possible solutions.  I’m also aiming to write about my interests, such as Exchange Server, Windows Server, PowerShell, C#, C++, Active Directory, and networking in general.  I hope you come back as posts roll out, or, alternatively, those coming from a search get what you came for.

Enjoy!

Posted in Uncategorized