ActiveSync Random Password Prompts Fixed

Some users were getting random password prompts in ActiveSync on Windows Mobile 6.1 & 6.5 and Windows Phone 7.  Environment: Exchange 2007, TMG and Kemp load balancers, but this problem showed up months after changing ISA 2006 to TMG.  It seemed random.  The error on ActiveSync was the generic:

Error:
please log in access was denied 0x85010002

In the TMG Monitoring you would see a denied connection on your ActiveSync rule with this status:

12239 The server requires authorization to fulfill the request. Access to the Web server is denied. Contact the server administrator.

I tested with Windows Mobile Emulator from outside the firewall and was able to reproduce the error within hours (just letting it sit there).

I first thought this was the HTTP session timeout that changed with the Kemp load balancers.

I poked around the web listener settings some more and noticed the timeout settings for forms authentication were set (this same web listener was used for OWA).  TMG is supposed to be smart enough to not apply any of the forms auth settings to clients that don’t support it (falling back to basic auth as with ActiveSync).

The forms auth timeout was indeed affecting ActiveSync. To find it, look for the web listener of your ActiveSync rule, open Properties > Forms tab > Advanced, and make sure “apply session timeout to non-browser clients” is unchecked.

ISA Web Listener Advanced Form Options

Thinapp Error: Target .dat does not exist or is not data container because it does not have a ReadOnlyData= Setting

I had a problem with a Thinapp Capture: Target .dat does not exist or is not data container because it does not have a ReadOnlyData= Setting

The executable "chemiekaarten 2011.exe" links to a primary data container "Chemiekaarten.dat". This is not found in package.ini.

Delete the Shortcut= line after [chemiekaarten 2011.exe] in package.ini and add the following: ReadOnlyData=bin\Package.ro.tvr

Thanks to my colleague Edwin

Windows Phone app for the Exchange Team Blog

“The Exchange Team Blog” app for your Windows Phone. You can download it from here or directly from the Marketplace on your Windows Phone.

The app allows you to read our blog posts on the go. Some notable features are:

  • Favorite posts you love and refer them quickly
  • Follow our tweets from the same app
  • Quickly filter and read posts by tags/categories
  • Send us your suggestions
  • Share posts with your social networks

Source: The Exchange Team Blog

System Center Data Protection Manager 2010 Doesn’t Detect Tape Drives In Library

I’ve used System Center Data Protection Manager (DPM) since the 2007 beta, primarily for SharePoint, SQL and Exchange backups. One customer has a single DPM server which backs up to disk and additionally to an HP MSL2024 Tape Library for long-term protection. The server runs Windows Server 2008 R2 with DPM 2010 since its release.

After updating the DPM server with SP1 for Windows 2008 R2 and updating the drivers, I had some issues with DPM. What I found was that although DPM installed correctly, it couldn’t see all the tape drives in the VTL. All the tape drives were visible in Device Manager and none were showing errors. I use the RECOMMENDED * HP StorageWorks Tape Drivers for Windows.

In the DPM console under Management -> Libraries, the library was listed, but Total Drives was 0, rather than the expected 2. The DPM console showed the following error:

image

I followed the instructions to remap the drives here: http://technet.microsoft.com/en-us/library/bb795782.aspx. The DPMLA.xml file produced by the tool was correct, showing the correct SCSI IDs, serial numbers etc. but DPM still couldn’t see the drives.

I found the solution to the problem on the DPM forum here: http://social.technet.microsoft.com/Forums/en-US/dpmtapebackuprecovery/thread/1d599443-7bf6-437a-bf12-52847fa7c8e5/ What I did is update the tape drive driver to the Inbox LTO driver as described on the forum and below:

1) Open Device Manager.
2) Locate the tape drive.
3) Right-click and look at the properties.
4) Under the DRIVER tab, select UPDATE DRIVER.
a) Select the Install from list or specific location (Advanced) – next.
b) Select Don’t search. I will choose the driver to install. – next.
c) Uncheck the Show compatible hardware checkbox.
d) Highlight LTO under the manufacturer.
e) Highlight the LTO tape drive under model – then next.
f) This should install the Microsoft ltotape.sys driver.
5) Rescan the tape library in the DPM console – try to take another backup.

After following the above steps, both tape drives were visible in the DPM console.

DPM 2010 Fix: Disk based recovery points are not deleted as per retention goals

When using System Center Data Protection Manager 2007 or 2010 (DPM) to back up your production servers, you might encounter a situation where the recovery point volumes for your protected data source keep running out of space and the number of days that DPM has recovery points for exceeds the desired retention range. If you run vssadmin list shadows, or run diskshadow.exe followed by the list shadows all command, you can see that there are more shadow copies than there should be based on the desired retention goal. Also, if you manually run the DPM PowerShell pruneshadowcopies2010.ps1 script, no recovery points are removed, but there are no errors.

So what’s going on here? Most likely this is happening because the NetBIOS name of the DPM server is longer than 15 characters.

Resolution

To resolve the problem perform the following to truncate the name to the 15 character limit.

1) Using notepad, open C:\Program Files\Microsoft DPM\DPM\bin\pruneshadowcopiesDpm2010.ps1 (For DPM2010) or pruneshadowcopies.ps1 (For DPM 2007).

2) Locate the following entry:

$dpmservername = &"hostname"

3) Replace the &"hostname" with the truncated 15 character NetBIOS name of the DPM server. For example, if the DPM Server’s host name is "Long-DPM-server-name" then modify the entry as follows:

$dpmservername = "ward-dpm01.wardvissers.local"

4) Save the modified script.

5) Either run the script manually, or wait for it to run at midnight – then verify the shadow copies are being pruned as expected.

Now I have nice Green Protection Groups

Special Thanks to J.C. Hornbeck

Microsoft Office 365 Deployment Readiness Tool

The Office 365 Deployment Readiness Tool provides analysis of your on-premises environment in preparation for an Office 365 enterprise deployment. The readiness tool is integrated with the guidance provided in the web edition of the Microsoft Office 365 Beta Deployment Guide.

Download HERE

I ran the tool in my test environment. The results are below.

Microsoft Office 365 Deployment Readiness Tool

Beta

Office 365 Deployment Resource Kit build 01.00.00.00
Click here for the Microsoft Office 365 Beta Deployment Guide for Enterprises

Domains

modg Deployment Guide: Adding Your Domain(s) to Office 365
All email domains discovered in your environment:
Total: 3

All primary email domains discovered:
Total: 2

Primary email domain suffixes with greater than 50 users:
wardvissers.local
Total: 1


User Identity and Account Provisioning

Active Directory

Statistics

Total number of domains discovered in your forest: 1
Estimated total number of users: 59
Estimated total number of contacts: 0
Estimated total number of groups: 54
Estimated total number of mailboxes: 53
Estimated total number of objects for Directory Synchronization: 113
note
Note: Filters were applied to obtain the above object counts for an Office 365 deployment.

Forest and Domains

The following domains were discovered in your Active Directory forest:
wardvissers.local
Total: 1

Trusts

No forest trusts found
green
You may deploy AD FS 2.0 and Directory Synchronization without multi-forest constraints

Schema and Forest/Domain Functionality Levels

Active Directory forest schema level: Windows Server 2008 R2
Exchange schema level: Exchange Server 2010 SP1
Domain Functionality:Windows Server 2008 R2
Forest Functionality:Windows Server 2008 R2
Domain Controller Functionality:Windows Server 2008 R2
green
It appears that your Active Directory schema is prepared for Exchange Rich Coexistence
modg Deployment Guide: Exchange Rich Coexistence Requirements


Active Directory Cleanup

modg Deployment Guide: Active Directory Cleanup

samaccountname (user name) Attribute

green
Character length test passed
green
Unsupported character test passed

givenname (first name) Attribute

green
Character length test passed
green
Unsupported character test passed

sn (last name) Attribute

green
Character length test passed
green
Unsupported character test passed

displayname Attribute

green
Character length test passed
green
Unsupported character test passed

mail (email address) Attribute

green
Character length test passed
green
Unsupported character test passed
green
No duplicates found

mailnickname Attribute

green
Character length test passed
green
Unsupported character test passed

proxyaddresses (email addresses) Attribute

green
No duplicates found
green
Unsupported character test passed

Directory Synchronization

Object count assessment:
Estimated number of objects for Directory Synchronization (entire forest): 113
modg Deployment Guide: Object Count Considerations
Enterprise Admin rights:
green
It appears that you are an enterprise admin
Directory Synchronization admin requirement met!
modg Deployment Guide: Directory Synchronization Required Permissions
Active Directory recycle bin:
warning
Active Directory recycle bin is enabled in your forest this may impact your total object count quota for Directory Synchronization.


Office 365 Single Sign On and Identity

AD FS 2.0 Directory Cleanup Check:

UserPrincipalName (logon ID for Office 365) Attribute

fyi
Update values once you have verified your organization does not have any other application dependencies on the UserPrincipalName attribute.
modg Deployment Guide: Active Directory Cleanup
green
Unsupported characters test passed
green
Spaces in logon value test passed
green
Unicode character test passed
note
Note: All Unicode characters will be converted to underscores (_) in the UserPrincipalName field.
green
No UserPrincipalName duplicates found
warning
Discovered users without a user logon name (blank value) for UserPrincipalName
You will need to provide each user a UserPrincipalName in order for these users to sign into Office 365.
fyi
Below is a list of your UserPrincipalName domain suffixes in use:
wardvissers.local
Total: 1
note
Note: During the Office 365 Beta only one namespace (root and child domains) per AD FS 2.0 farm
Example contoso.com and root.contoso.com would require 1 AD FS 2.0 farm and fabrikam.com would require an additional AD FS 2.0 farm

fyi
Password length per domain:

wardvissers.local = 7

Exchange Online

Discovered Exchange Server(s) on-premises:
Estimated total number of Exchange Servers: 1

Statistics:

Estimated total number of users with default mailbox size (True): 53
Estimated total number of users with larger than default mailbox size (False): 0
Estimated total number of objects with Exchange organization level quota: 6


Lync Online

Lync user assessment:
Estimated total number of users leveraging Office Communications/Lync on-premises: 2
Sip domains:
fyi
The following sip domains were discovered:
wardvissers.local
Total: 1

SharePoint Online

User object count assessment:
green
The number of user objects in your forest is supported.
modg Deployment Guide: Object Count Considerations

Client and End User Experience

modg Deployment Guide: Rich Experience Client Requirements

Summary of client computer readiness (Office 365 single sign-on and rich client checks):

warning
Below is an estimate of computer operating systems NOT ready for Office 365 rich client experience:
Total: 0
green
Below is an estimate of computer operating systems ready for Office 365 rich client experience:
Windows XP Service Pack 3: 3
Windows 7 Service Pack 1: 3
Total: 6

Network


fyi
IP Configuration:

IPv4 Address. . . . . . . . . . . : 192.168.150.60
IPv4 Address. . . . . . . . . . . : 192.168.150.1
Subnet Mask . . . . . . . . . . . : 255.255.255.255
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . :
Default Gateway . . . . . . . . . : 192.168.150.254

fyi
Trace route to your default gateway:

Tracing route to 192.168.150.254 over a maximum of 30 hops
1 1 ms 2 ms 2 ms 192.168.150.254

fyi
Trace Route test to Exchange Online:

Tracing route to outlook.com [65.55.94.40]
over a maximum of 30 hops:
1 3 ms 2 ms 1 ms 192.168.150.254
2 * 24 ms 25 ms 82.169.11.254
3 25 ms 26 ms 26 ms 195.69.145.20
4 145 ms 146 ms 144 ms 10.14.234.234
5 * * * Request timed out.
6 * * * Request timed out.
7 10.14.234.234 reports: Destination net unreachable.
Trace complete.
fyi

For additional tests utilize the Exchange Remote Connectivity Analyzer

Port Query Tests:

modg Deployment Guide: Ports and Protocols
green
portal.microsoft.com
Made a TCP 443 connection to portal.microsoftonline.com
green
Outlook.com
Made a TCP 443 connection to outlook.com
green
Outlook.com IMAP
Made a TCP 993 IMAP connection to outlook.com
green
Outlook.com POP
Made a TCP 995 POP connection to outlook.com
green
Outlook.com SMTP
Made a SMTP TCP 587 connection to outlook.com
green
Active Directory Federation Services End Point
Made a TCP 443 connection to nexus.microsoftonline.com
green
Directory Synchronization End Point
Made a TCP 443 connection to adminwebservice.microsoftonline.com
green
Office 365 PowerShell End Point
Made a TCP 443 connection to ps.microsoftonline.com
green
Outlook.com PowerShell End Point
Made a TCP 443 connection to ps.outlook.com
green
Office 365 Community End Point
Made a TCP 80 connection to community.office365.com
green
Lync Online SIP Connection
Made a TCP 443 connection to sipdir.online.lync.com
green
Lync Online Federation
Made a TCP 5061 connection to sipfed.online.lync.com
Domain Name System (DNS) name records checks:
fyi
Found the following MX DNS record(s):
Server: localhost
Address: 127.0.0.1
wardvissers.local
primary name server = ward-dc01.wardvissers.local
responsible mail addr = hostmaster.wardvissers.local
serial = 761
refresh = 900 (15 mins)
retry = 600 (10 mins)
expire = 86400 (1 day)
default TTL = 3600 (1 hour)
Information Gathered On:
WARD-DC01
Date: za 07-05-2011
Start Time: 18:19
End Time: 18:21

How to create a Windows 7 x86 or x64 WMI Filter

I want to deploy some applications to different OS versions. I created some WMI filters. I added the right Group Policy to the right WMI filter.

Target Win 7 32 bit machines:

select * from Win32_OperatingSystem WHERE Version like "6.1%" AND ProductType="1" AND NOT OSArchitecture = "64-bit"

Target Win 7 64Bit machines:

select * from Win32_OperatingSystem WHERE Version like "6.1%" AND ProductType="1" AND OSArchitecture = "64-bit"

Target any 32 bit OS:

SELECT AddressWidth FROM Win32_Processor WHERE AddressWidth = '32'

Target any 64Bit OS:

SELECT AddressWidth FROM Win32_Processor WHERE AddressWidth = '64'
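
A WMI filter is true when its query returns at least one instance, so each filter can be checked on a machine of every target type before the GPO is linked. The script below is an added example, not part of the original post; it runs the four queries above locally with Get-WmiObject, and the labels in the table are illustrative names.

```powershell
# Added example: evaluate the four WMI filter queries on the local machine.
# A GPO WMI filter matches when the query returns one or more instances.
$filters = @{
    'Win7 32-bit' = 'select * from Win32_OperatingSystem WHERE Version like "6.1%" AND ProductType="1" AND NOT OSArchitecture = "64-bit"'
    'Win7 64-bit' = 'select * from Win32_OperatingSystem WHERE Version like "6.1%" AND ProductType="1" AND OSArchitecture = "64-bit"'
    'Any 32-bit'  = "SELECT AddressWidth FROM Win32_Processor WHERE AddressWidth = '32'"
    'Any 64-bit'  = "SELECT AddressWidth FROM Win32_Processor WHERE AddressWidth = '64'"
}

$report = foreach ($name in ($filters.Keys | Sort-Object)) {
    $note = ''
    try {
        # WMI filters for these classes are evaluated in the root\CIMv2 namespace.
        $rows  = @(Get-WmiObject -Namespace 'root\CIMv2' -Query $filters[$name] -ErrorAction Stop)
        $match = $rows.Count -gt 0
    }
    catch {
        # A query that cannot be evaluated (for example a property that this
        # OS version does not expose) is reported here as not matching.
        $match = $false
        $note  = $_.Exception.Message
    }

    New-Object PSObject -Property @{
        Filter  = $name
        Matches = $match
        Note    = $note
    }
}

$report | Format-Table Filter, Matches, Note -AutoSize
```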

GAL Photos in Exchange 2010 and Outlook 2010

With Microsoft Exchange 2010 and Outlook 2010 & Lync & SharePoint 2010 you can finally get photos into your global address list (GAL) and see just who’s who on your emails. You can do this in 2 ways:

1. Using PowerShell

    A minor schema change

    First stop, the AD Schema. A minor schema modification is required to flip the thumbnailPhoto attribute to make it replicate to the Global Catalog.

    1. If you haven’t registered the Schema MMC snap-in on the server you want to make this change on, go ahead and do so using the following command:

      Regsvr32 schmmgmt.dll

    2. Fire up a MMC console (Start -> Run -> MMC) and add the Schema snap-in

    3. In the Active Directory Schema snap-in, expand the Attributes node, and then locate the thumbnailPhoto attribute. (The Schema snap-in lists attributes by their ldapDisplayName.)

    4. In the Properties page, select Replicate this attribute to the Global Catalog, and click OK.

      Figure 1: Modifying the thumbnailPhoto attribute to replicate it to Global Catalog

      Loading pictures into Active Directory

      Now you can start uploading pictures to Active Directory using the Import-RecipientDataProperty cmdlet, as shown in this example:

      Import-RecipientDataProperty -Identity "Ward VIssers" -Picture -FileData ([Byte[]]$(Get-Content -Path "C:\pictures\wardvissers.jpg" -Encoding Byte -ReadCount 0))

      To perform a bulk operation you can use the Get-Mailbox cmdlet with your choice of filter (or use the Get-DistributionGroupMember cmdlet if you want to do this for members of a distribution group), and pipe the mailboxes to a foreach loop. You can also retrieve the user name and path to the thumbnail picture from a CSV/TXT file.
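
The CSV-driven bulk import described above, as an added example that is not part of the original post. It assumes a CSV with the columns Identity and PhotoPath (both names and the default file path are hypothetical), and it checks each file against the 10 KB picture limit of Import-RecipientDataProperty before importing.

```powershell
# Added example (not from the original post). Run in the Exchange Management Shell.
# Assumed CSV columns: Identity,PhotoPath   e.g.  Ward Vissers,C:\pictures\wardvissers.jpg
param(
    [string]$CsvPath  = 'C:\pictures\photos.csv',  # hypothetical file name
    [int]   $MaxBytes = 10KB                       # Import-RecipientDataProperty rejects pictures over 10 KB
)

$ErrorActionPreference = 'Stop'   # turn cmdlet errors into exceptions so the catch below sees them

$results = foreach ($row in Import-Csv -Path $CsvPath) {
    $status = 'Imported'
    try {
        # Resolve the recipient first so a typo in the CSV fails before any write.
        $mailbox = Get-Mailbox -Identity $row.Identity

        if (-not (Test-Path -LiteralPath $row.PhotoPath -PathType Leaf)) {
            throw "photo file not found"
        }
        $file = Get-Item -LiteralPath $row.PhotoPath
        if (@('.jpg', '.jpeg') -notcontains $file.Extension.ToLower()) {
            throw "not a JPEG file"
        }
        if ($file.Length -gt $MaxBytes) {
            throw "file is $($file.Length) bytes, limit is $MaxBytes"
        }

        # Same cmdlet as the single-user example above, with the bytes read in one call.
        $bytes = [System.IO.File]::ReadAllBytes($file.FullName)
        Import-RecipientDataProperty -Identity $mailbox.Identity -Picture -FileData $bytes | Out-Null
    }
    catch {
        $status = "Skipped: $($_.Exception.Message)"
    }

    New-Object PSObject -Property @{
        Identity  = $row.Identity
        PhotoPath = $row.PhotoPath
        Status    = $status
    }
}

# One line per CSV row, so skipped rows can be corrected and re-run.
$results | Format-Table Identity, PhotoPath, Status -AutoSize
```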

      2. Using a Free tool like Outlook Photos from Exclaimer

      Download the Tool HERE

      The tool is easy to use.

      Prerequisites

      User Preferences

        Domain user – The logged in user’s account is required to be an Active Directory account.

        Domain computer – The computer the user is logged into needs to be joined to an Active
        Directory domain.

        Active Directory permissions – The logged in user must have permission to upload photos to the required Active Directory accounts. (Alternate credentials can be supplied or control of the thumbnailPhoto field can be delegated to the logged in user.)

      Operating System

      • Windows Server 2003 x86 (including all service pack levels).
      • Windows Server 2003 R2 x86 and x64 (including all service pack levels).
      • Windows Server 2008 x86 and x64 (including all service pack levels).
      • Windows Server 2008 R2 x86 and x64 (including all service pack levels).
      • Windows Small Business Server 2003 (including all service pack levels).
      • Windows Small Business Server 2008.
      • Windows Small Business Server 2011.
      • Windows XP x86 and x64 (including all service pack levels).
      • Windows Vista x86 and x64 (including all service pack levels).
      • Windows 7 x86 and x64 (including all service pack levels).

      Other Software

      Microsoft Outlook 2010 x86 and x64

      Microsoft .NET Framework 3.5 SP1

      Microsoft Exchange 2010 RTM and above

      Active Directory

      You must be logged into an Active Directory domain to run the application.

      Active Directory Forest
      Domain and Forest functional level of Windows Server 2008 and above.
      For Domain or Forest functional level of Windows Server 2003, the Windows Server 2008 Forest preparation must first be complete.

      Add a MSN user to Lync Online & Office 365

      Today I have a relaxed day working from home. I have some time to play with Office 365 & Lync Online.

      I wondered if there was a way to add an MSN user to my Lync while using Lync Online.

      I added my own MSN account on Lync. On MSN Messenger I get the question if I want to add a new contact. Yes, of course…

      Tada…. You can add all your MSN friends to Office 365 or Lync Online.

      How Should Your Organization Deploy Microsoft® Exchange?

      Microsoft released a white paper on how to deploy Microsoft Exchange: as Exchange Server 2010 on-premises, Exchange Online with Microsoft Office 365 in the cloud, or using both in a temporary or permanent hybrid scenario.

      Knowing the benefits and limitations of each deployment option can help you make the right decision for your organization. Whatever you decide, the deployment flexibility that Microsoft provides with Exchange makes it easier for you to get the right solution for your business.

      Download the white paper HERE