Monday, October 15, 2012

2013 went RTM

A couple of days ago, both Exchange and Lync 2013 went RTM. What kind of impact this will have on the industry is yet to be unfolded. What we do know is that Microsoft is pushing towards the cloud with a closer integration and a seemingly seamless experience (pun intended). In my book, the biggest news will have to be the offline feature of Outlook Web App in Exchange 2013 which just turns the table upside-down.

Oh, there's Sharepoint and Office too but I'll leave that for others to mention...

Thursday, October 4, 2012

Windows Server 2012 Launch

Just came back from the Windows Server 2012 Launch at a packed Rival in Stockholm. Lots of interesting topics were covered and indeed a few surprises too. Overall, a well organized event by the people at TrueSec. One of the surprises was the fact that Hyper-V now have the ability to allow virtual machines to use hardware accelerated SSL offloading. Another interesting point was the power of the new PowerShell 3.0 (pun intended) which seem to open up endless opportunities with new workflow feature. Great stuff!

Wednesday, September 26, 2012

Direct Access Teredo Ping

Just noticed today that when a Direct Access client connected with Teredo is attempting to make contact with a host on the inside, it will first send an ICMP Echo request (i.e. Ping) to the host. If this fails, it will not be able to establish a connection. This could be relevant in complex environments with firewalls protecting various zones, such as the DMZ. Good to know...

Thursday, August 23, 2012

Microsoft extreme makeover

Yes, that's right. Microsoft has indeed decided to throw away the old logo and replace it with a new one. Or is it really a new logo? Does it look any better? Will it change life as we know it?

Thursday, August 2, 2012

Windows Server 2012 availability

I missed that the Windows Server Blog also informed us that Windows Server 2012 is complete (RTM) and will be available within the next couple of weeks. One could assume that both the client and server version will be available on technet the very same day. And there was much rejoicing!

Wednesday, August 1, 2012

Windows 8 availability

Fresh information from Blogging Windows tells us that Windows 8 will be available in a couple of weeks. MSDN and Technet subscribers will be first in line followed by SA customers and partners the day after. Consumers will have to wait until the last week in October. This is excellent news as I'm about to lay my paws on a new laptop which indeed will be blessed with Windows 8. I'll take that with Hyper-V, thank you!

No official word about Server 2012, though. What's up with that?

Thursday, July 26, 2012

A brief look at Exchange 2013

I've managed to get my hands on a proper lab environment to install the preview of Exchange 2013. It is still limited so unfortunately both roles will have to installed on the same server but that's no problem since this will never be a production environment.

The first noticeable change is the lack of the Exchange Management Console (EMC). The only tools available is the Exchange Management Shell (EMS) and the Exchange Toolbox.

Wednesday, July 25, 2012

Exchange 2013 installation preview

A point of interest concerning the new version of Exchange is the change to the installation process. One of these changes is the role selection screen. Only two roles are up for grabs, the Mailbox and the Client Access role. This might seem like the old Frontend and Backend scenario but digging deeper in the documentation around these roles reveals that this is not the whole truth. The Mailbox role is more or less all previous roles from Exchange 2010 combined and the new Client Access role handles authentication, redirection and proxy requests.

The next change of interest is the option to include malware protection. This adds an extra layer of security which might come as a welcomed feature to most of us.

Not much else has changed apart from the visual experience but I couldn't help but notice the small but apparent logo in bottom left of the installation window which indicates a closer relationship with the Office team at Microsoft.

One should also note that Windows Server 2012 with Exchange Server 2013 demands more resources than previous versions. This is true in the current build but might change when the products goes gold. Still, don't expect these machines to start with anything less than 4GB of memory for each server and plenty of IOPS to spare in your storage solution. My lab consisting of a laptop with 6GB of memory and a single 5400 rpm disk simply couldn't hack it but your mileage may vary.

Monday, July 23, 2012

Invalid canary in cookie

Well, no angry birds but it appears that there are one or two invalid canaries lurking in Exchange 2010. One might think that a stork could be useful but apparently a canary is sufficient for this particular purpose. Go figure...

Note that this "feature" is related to SCOM and is no longer present in Service Pack 2. Some of us will miss the canaries...

Thursday, June 28, 2012

No habla MAPI

It has been brought to my attention that Outlook 2011 for Mac doesn't speak MAPI. I noticed an extreme growth of IIS logs on a Client Access Server and further inspection pointed towards a single Outlook 2011 for Mac user. What appeared to be a DDOS attack was in fact normal Outlook 2011 EWS usage. If this is the result of a single user, one can only imagine the size of the IIS logs when thousands of Outlook 2011 clients are connecting. The horror...

Monday, June 4, 2012

Delegated mail stuck in outbox

There seem to be a problem with Outlook 2010 regarding the option to send as a delegated mailbox when running in online mode. Apparently, the mail is sent but it seem to be stuck in the outbox folder of the main mailbox. This only happens in the following scenario.
  • Outlook is running in online mode
  • A mail is sent from a delegated mailbox
  • The registry tweak to move sent mail to the appropriate sent items folder is activated
According to a certain Fiona Liao, this is a known issue within Microsoft and will not be fixed until Outlook 2012. Also, the same problem seem to be present in Outlook 2011 for Mac OS X.

Friday, May 25, 2012

Problems with Exchange 2010 updates

In a recent post, I mentioned a problem with an endpoint mapper (RPC) after the installation of Service Pack 2 for Exchange 2010. It has come to my attention that the reason for this problem is due to a problem with the initial installation. The problem happened again in the same Exchange environment during a Rollup 2 installation which lead me to investigate the Exchange Setup logs further. In the file UpdateCAS.log the following entry was logged.

The line reads "Error updating OWA/ECP: The term 'Get-ExchangeServer' is not..." which indicated a problem with the Exchange Management Shell (PowerShell) commands. After browsing around the configuration I noticed that some entries were missing from the registry compared to another Exchange server.

A quick fix for this problem was simply to export the PowerShellSnapIns key from a working Exchange server and import the difference to the faulty one. The question to why these keys are missing in the first place still remains unanswered. However, we're one step closer to the truth.

Monday, May 21, 2012

Excessive login time in Windows 7

I recently stumbled upon a client where the login time could be classified as not of this world. For me, any login time exceeding 10 seconds is to be considered too long. I'm not talking about boot-up time but the time it takes for the desktop to appear after username and password has been entered. After the usual investigation relating to the network, DNS and Group Policies, the problem was found in the event logs.

Say hello to nearly 4 minutes of Folder Redirection processing. As it turned out, the user had made its entire home folder available offline which caused these dramatic effects to the login time as the number of files exceeded too many to be mentioned here. The solution was simply to not make the files available offline and clear the temporary cache which decreased the login time to a respectable 5 seconds.

Friday, May 18, 2012

Certificate request from an OS X Lion client

It appears that Apple has made it quite convenient to request a certificate from a Windows Certificate Authority using the AD Certificate Payload Plugin. There are a number of issues that needs to be addressed however but in the whole it seems to work fine. This method actually makes it possible for the OS X client to acquire a computer certificate used for 802.1x authentication in a very slick procedure without the usual hands-on intervention by a network technician. My next quest is to develop a similar method for the not so domain-joined devices known as iPads/iPhones. I'm leaning towards a solution involving the old NDES/SCEP service to bring clarity and justice for all.

Tuesday, May 8, 2012

The shell of the youth

So what shell are the kids of today using. Bash? Well, not according to my 4-year old son. Lo and behold...
Yes, that's right. PowerShell is the shell of the youth and the future. At least in my part of the universe.

Monday, April 23, 2012

Exchange 2010 Test-MAPIConnectivity Failure

The cause to why the command Test-MAPIConnectivity result in a failure relating to Public Folders is likely due to an empty Servers container from an old Exchange 2003 environment. The remedy is simply to delete the empty Servers container in the old Exchange 2003 administrative group. This issue usually originates from an alert from Operations Manager but it could be nice to know the real source of the problem. My understanding is that a bug in the command is the real culprit here but your guess is as good as mine.

Thursday, April 19, 2012

Bulk import thumbnail photos

In these days of increasing messaging and collaboration using such excellent services as Exchange, Lync and Sharepoint, the need to import thumbnail photos into the Active Directory is in high demand. There are many options to perform this task  but I prefer the one tool that will eventually rule them all, PowerShell. Gather all user pictures and place them in a folder with the following prerequisites.

  • The files must have names that corresponds to unique user attributes such as SamAccountName
  • The files must not exceed 10kb in size
  • The dimensions of the pictures should be the recommended 96x96 pixels but this isn't required
  • All files must be JPEG images (*.jpg)

Once the folder with above mentioned prerequisites have been established, the following script imports them to the Active Directory.

Path = 'C:\Temp\ImportThumbnails\Photos'
import-module ActiveDirectory
ForEach ($File in Get-ChildItem $Path | Where-Object { $_.Extension -eq ".jpg" } )
  $UserName = $File.Name.substring(0, $File.Name.Length - 4)
  Write-Host $UserName -NoNewLine
  $Photo = [byte[]](Get-Content -Path $File.Fullname -Encoding byte)
  Set-ADUser $UserName -Replace @{thumbnailPhoto=$Photo}
  Write-Host " [Done]" -ForeGroundColor Green

Don't forget to make sure that the thumbnailPhoto attribute is replicated to the Global Catalog in the Active Directory Schema.

Tuesday, April 10, 2012

Active Directory Schema update

Too many times have I seen how people update the Active Directory schema without taking precautions. A problem during the update could lead to a catastrophic event with no way out other than a forest wide restore. Devoting a couple of minutes to take the safe road is always worth it. These are the simple steps required to perform a safe schema update.

  • Make sure the current state of the Active Directory is healthy. Verify that all replication is working as expected.
  • Introduce a new virtual domain controller and make sure everything is replicated.
  • Transfer the FSMO Schema Master to the new domain controller and isolate it from the rest but running the following commands.
Repadmin /options <DC> +DISABLE_INBOUND_REPL
Repadmin /options <DC> +DISABLE_OUTBOUND_REPL
  • Update the schema and make sure there are no problems.
  • Enable replication by running the following commands.
Repadmin /options <DC> -DISABLE_INBOUND_REPL
Repadmin /options <DC> -DISABLE_OUTBOUND_REPL
  • Wait for replication, transfer the FSMO Schema Master to the original domain controller and remove the newly introduced domain controller from the Active Directory (dcpromo).

Easy as pie and totally worth it.

Saturday, March 31, 2012

Exchange 2010 RPC issues

During my latest Exchange 2010 transition, a problem related to RPC connectivity arose. Apparently, one of the Client Access servers refused to accept RPC connections on the Address Book Service UUID. This problem occured after the Service Pack 2 installation but wasn't detected until some time after due to the nature of the problem. As some of the clients worked fine, others seemed to work fine and a few had issues with a login prompt appearing sporadically during the day, it was quite a feat to narrow down the problem to a faulty RPC End-point connector on one of the Client Access servers. The quick resolution was to reapply Service Pack 2 but I'm sure there is a way to repair these connectors with some other method. Still, when facing issues after a Service Pack installation, reapply it a few times and things will in all likelihood turn out just great.

Thursday, March 29, 2012

Exchange 2010 Room List

The very useful feature Room List in Exchange 2010 is not without its fair share of weird issues. One of those being that it will be empty if the name of the list contains characters of foreign origin. It could be that this issue has been fixed in Rollup 1 for Service Pack 2 but it seems unlikely as a perfectly reasonable workaround is to simply omit non-english characters such as Ü, Å and É. This is good to know to keep those pesky grey hairs at bay...

Sunday, March 25, 2012

First post

This is my first post of this newly created blog that will focus on infrastructure in a Microsoft environment. Services of interest includes Active Directory, Exchange, Lync, TMG and UAG amongst others. Let's just hope I can find the time för frequent updates.