Rollup 2 for Exchange Server 2010 Service Pack 1

Posted on December 15, 2010 by Ward

Today the Exchange Team released Rollup 2 for Exchange Server 2010 Service Pack 1 (KB2425179). This update raises Exchange 2010 version number to 14.1.270.1.

The List with Fixes:

983186 The mailbox alias of a user contains the "?" character unexpectedly after you run the "Enable-Mailbox" cmdlet to create a mailbox for the user in an Exchange Server 2010 environment

2295902 An excepted occurrence is not excluded from a recurring iCalendar message for an Exchange Server 2010 mailbox user

2385017 You cannot edit public folder items even though you are the owner of the items in an Exchange Server 2010 environment

2385194 You cannot connect to an Exchange Server 2010 mailbox by using a MAPI application when a Mailbox server and a Client Access server are installed on different computers

2397171 You cannot reply or forward a large email message on an Exchange Server 2010 mailbox

2403783 An incorrect label is displayed in the date field in a public folder item when you open the item by using OWA in an Exchange Server 2010 environment

2408924 The subject of an item is deleted when you use the "UploadItems" operation together with the "Update" action or the "UpdateOrCreate" action in an Exchange Server 2010 environment

2409597 You cannot open a public folder item when the default public folder database for the mailbox database is unavailable in an Exchange Server 2010 environment

2423776 The Exchange Information Store service crashes frequently during a public folder replication process on an Exchange Server 2010 public folder

2431500 You cannot connect to an Exchange Server 2010 mailbox simultaneously by using Outlook Anywhere from several Windows XP-based computers

2433642 The "FETCH (BODYSTRUCTURE)" command returns a corrupted file name of an email message attachment on an Exchange Server 2010 computer

2452075 You cannot connect to mailboxes in a recovery database on a server after you install Exchange Server 2010 SP1

2458005 The Exchange Mailbox Replication service crashes when you use the "New-MailboxImportRequest" command to import a PST file to an Exchange Server 2010 mailbox

2458419 "A temporary change has occurred that requires you to connect to a different server" error message when Exchange Server 2007 mailbox users try to access their mailboxes by using an Exchange Server 2010 Client Access server

2322161 The replay queue length on passive copies of mailbox databases in Database Availability Group continues to increase in an Exchange Server 2010 environment

982004 Exchange Server 2010 users cannot access the public folder

983492 You cannot view updated content of an Exchange Server 2010 public folder

983549 Exchange Server 2010 removes the sender’s email address from the recipient list in a redirected email message

Download the Hotfix HERE

Exchange 2010 Getting an overview of all ActiveSync devices in the Exchange-organization

Posted on November 5, 2010 by Ward

If you want a list with al the pda’s that are connected to your Exchange Organization.

You can use the following Powershell command let.
Get-Mailbox –resultsize unlimited | Get-ActiveSyncDevice | fl userdisplayname,DeviceModel,Devicetype, DeviceUserAgent > c:\pdas.txt

Advanced Deployment Scenarios using the Microsoft Deployment Toolkit 2010

Posted on November 3, 2010 by Ward

I was attended on twitter on the following video’s. I watch some of them. They are really interesting Open-mouthed smile

The Vid’s
TechNet Video: Advanced Deployment Scenarios using the Microsoft Deployment Toolkit 2010: (Part 1 of 7)Reviewing the Available Options in the Deployment Workbench

TechNet Video: Advanced Deployment Scenarios using the Microsoft Deployment Toolkit 2010: (Part 2 of 7)Create and Explore the Configuration Database

TechNet Video: Advanced Deployment Scenarios using the Microsoft Deployment Toolkit 2010: (Part 3 of 7)Configuring Role Methods in the Configuration Database

TechNet Video: Advanced Deployment Scenarios using the Microsoft Deployment Toolkit 2010: (Part 4 of 7)Configuring Other Methods in the Configuration Database

TechNet Video: Advanced Deployment Scenarios using the Microsoft Deployment Toolkit 2010: (Part 5 of 7)Configuring the Deployment Point to Use the Configuration Database

TechNet Video: Advanced Deployment Scenarios using the Microsoft Deployment Toolkit 2010: (Part 6 of 7)Using Linked Deployment Points

TechNet Video: Advanced Deployment Scenarios using the Microsoft Deployment Toolkit 2010: (Part 7 of 7)Custom Edit the Deployment Wizard to Add a New Page

Rollup 1 for Exchange Server 2010 SP1

Posted on October 8, 2010 by Ward

Microsoft released Rollup 1 for Exchange Server 2010 SP1 that fixes the following things.

2028967 Event ID 3022 is logged and you still cannot replicate a public folder from one Exchange Server 2010 server to another

2251610 The email address of a user is updated unexpectedly after you run the Update-Recipient cmdlet on an Exchange Server 2010 server

978292 An IMAP4 client cannot send an email message that has a large attachment in a mixed Exchange Server 2010 and Exchange Server 2003 environment

982004 Exchange Server 2010 users cannot access the public folder

983549 Exchange Server 2010 removes the sender’s email address from the recipient list in a redirected email message

983492 You cannot view updated content of an Exchange Server 2010 public folder

Download Rollup 1 for Exchange Server 2010 SP1 HERE

Exchange 2010 SP1 Prerequisites

Posted on September 2, 2010 by Ward

Some day’s ago Microsoft Releases Exchange 2010 SP1. When you install Exchange 2010 SP1 you need to install some hotfixes. The Exchange Team have made a nice over view witch hotfixes you need for the OS.

Hotfix	Download	Windows Server 2008	Windows Server 2008 R2	Windows 7 & Windows Vista
979744 A .NET Framework 2.0-based Multi-AppDomain application stops responding when you run the application	MSDN or Microsoft Connect	Windows6.0-KB979744-x64.msu (CBS: Vista/Win2K8)	Windows6.1-KB979744-x64.msu (CBS: Win7/Win2K8 R2)	N. A.
983440 An ASP.NET 2.0 hotfix rollup package is available for Windows 7 and for Windows Server 2008 R2	Request from CSS	Yes	Yes	N.A.
977624 AD RMS clients do not authenticate federated identity providers in Windows Server 2008 or in Windows Vista. Without this update, Active Directory Rights Management Services (AD RMS) features may stop working	Request from CSS using the “View and request hotfix downloads” link in the KBA \| US-English	Select the download for Windows Vista for the x64 platform.	N.A.	N.A.
979917 Two issues occur when you deploy an ASP.NET 2.0-based application on a server that is running IIS 7.0 or IIS 7.5 in Integrated mode	Request from CSS using the Hotfix Request Web Submission Form or by phone (no charge)	Yes	N. A.	N. A.
973136, FIX: ArgumentNullException exception error message when a .NET Framework 2.0 SP2-based application tries to process a response with zero-length content to an asynchronous ASP.NET Web service request: “Value cannot be null”.	Microsoft Connect	Windows6.0-KB973136-x64.msu	N.A.	N. A.
977592 RPC over HTTP clients cannot connect to the Windows Server 2008 RPC over HTTP servers that have RPC load balancing enabled.	Request from CSS	Select the download for Windows Vista (x64)	N.A.	N. A.
979099 An update is available to remove the application manifest expiry feature from AD RMS clients.	Download Center	N. A.	Windows6.1-KB979099-x64.msu	N. A.
982867 WCF services that are hosted by computers together with a NLB fail in .NET Framework 3.5 SP1	MSDN	N. A.	Windows6.1-KB982867-v2-x64.msu (Win7)	X86: Windows6.1-KB982867-v2-x86.msu (Win7) x64: Windows6.1-KB982867-v2-x64.msu (Win7)
977020 FIX: An application that is based on the Microsoft .NET Framework 2.0 Service Pack 2 and that invokes a Web service call asynchronously throws an exception on a computer that is running Windows 7.	Microsoft Connect	N. A.	N. A.	x64: Windows6.1-KB977020-v2-x64.msu X86: Windows6.1-KB977020-v2-x86.msu

Some of the hotfixes would have been rolled up in a Windows update or service pack. Given that the Exchange team released SP1 earlier than what was planned and announced earlier, it did not align with some of the work with the Windows platform. As a result, some hotfixes are available from MSDN/Connect, and some require that you request them online using the links in the corresponding KBs. All these updates may become available on the Download Center, and also through Windows Update.

These hotfixes have been tested extensively as part of Exchange 2010 SP1 deployments within Microsoft and by our TAP customers. They are fully supported by Microsoft.

The TechNet article Exchange 2010 Prerequisites is updated with the hotfixes and install the prerequisites required for your server version (the hotfixes are linked to in the above table).

You can use the Install the Windows Server 2008 SP2 operating system prerequisites on a Windows 2008 R2 server. Only you have to run the following powershell command: Import-Module ServerManager

Installed Exchange 2010 SP1 on a Windows 2008 R2 Server with problems. I feels that the MMC is faster. Tomorrow upgrading a DAG/NLB cluster to Exchange 2010 SP1.

Microsoft Exchange Server 2010 Service Pack 1 has been released

Posted on August 26, 2010 by Ward

Microsoft has released Exchange SP1 Open-mouthed smile .

So What’s New in Exchange SP1:

New Deployment Functionality

During an Exchange 2010 SP1 installation, you can now select a new option to install the required Windows roles and features for each selected Exchange 2010 SP1 server role. For more information, see New Deployment Functionality in Exchange 2010 SP1.

Exchange ActiveSync

In Exchange 2010 SP1, you can manage Exchange ActiveSync devices using the Exchange Control Panel (ECP). Administrators can perform the following tasks:

Manage the default access level for all mobile phones and devices.
Set up e-mail alerts when a mobile phone or device is quarantined.
Personalize the message that users receive when their mobile phone or device is either recognized or quarantined.
Provide a list of quarantined mobile phones or devices.
Create and manage Exchange ActiveSync device access rules.
Allow or block a specific mobile phone or device for a specific user.

For every user, the administrator can perform the following tasks from the user’s property pages:

List the mobile phones or devices for a specific user.
Initiate remote wipes on mobile phones or devices.
Remove old mobile phone or device partnerships.
Create a rule for all users of a specific mobile phone or device or mobile phone type.
Allow or block a specific mobile phone or device for the specific user.

SMS Sync

SMS Sync is a new feature in Exchange ActiveSync that works with Windows Mobile 6.1 with the Outlook Mobile Update and with Windows Mobile 6.5. SMS Sync is the ability to synchronize messages between a mobile phone or device and an Exchange 2010 Inbox. When synchronizing a Windows Mobile phone with an Exchange 2010 mailbox, users can choose to synchronize their text messages in addition to their Inbox, Calendar, Contacts, Tasks, and Notes. When synchronizing text messages, users will be able to send and receive text messages from their Inbox. This feature is dependent on the user’s mobile phones or devices supporting this feature

Reset Virtual Directory

In Exchange 2010 SP1, you can use the new Reset Client Access Virtual Directory wizard to reset one or more Client Access server virtual directories. The new wizard makes it easier to reset a Client Access server virtual directory. One reason that you might want to reset a Client Access server virtual directory is to resolve an issue related to a damaged file on a virtual directory. In addition to resetting virtual directories, the wizard creates a log file that includes the settings for each virtual directory that you choose to reset. For more information, see Reset Client Access Virtual Directories.

Exchange Store and Mailbox Database Functionality

The following is a list of new store and mailbox database functionality in Exchange 2010 SP1:

With the New-MailboxRepairRequest cmdlet, you can detect and repair mailbox and database corruption issues.
Store limits were increased for administrative access.
The Database Log Growth Troubleshooter (Troubleshoot-DatabaseSpace.ps1) is a new script that allows you to control excessive log growth of mailbox databases.
Public Folders client permissions support was added to the Exchange Management Console (EMC).

Mailbox and Recipients Functionality

The following is a list of new mailbox and recipient functionality included in Exchange 2010 SP1:

Calendar Repair Assistant supports more scenarios than were available in Exchange 2010 RTM.
Mailbox Assistants are now all throttle-based (changed from time-based in Exchange 2010 RTM).
Internet calendar publishing allows users in your Exchange organization to share their Outlook calendars with a broad Internet audience.
Importing and exporting .pst files now uses the Mailbox Replication service and doesn’t require Outlook.
Hierarchical address book support allows you to create and configure your address lists and offline address books in a hierarchical view.
Distribution group naming policies allow you to configure string text that will be appended or prepended to a distribution group’s name when it’s created.
Soft-delete of mailboxes after move completion

High Availability and Site Resilience Functionality

The following is a list of new high availability and site resilience functionality included in Exchange 2010 SP1:

Continuous replication – block mode
Active mailbox database redistribution
Enhanced datacenter activation coordination mode support
New and enhanced management and monitoring scripts
Exchange Management Console user interface enhancements
Improvements in failover performance

Messaging Policy and Compliance Functionality

The following is a list of new messaging policy and compliance functionality included in Exchange 2010 SP1:

Provision personal archive on a different mailbox database
Import historical mailbox data to personal archive
Delegate access to personal archive
New retention policy user interface
Support for creating retention policy tags for Calendar and Tasks default folders
Opt-in personal tags
Multi-Mailbox Search preview
Annotations in Multi-Mailbox Search
Multi-Mailbox Search data de-duplication
WebReady Document Viewing of IRM-protected messages in Outlook Web App
IRM in Exchange ActiveSync for protocol-level IRM
IRM logging
Mailbox audit logging

Technet Exchange 2010 SP1 info
Release Notes for Exchange Server 2010 SP1
What’s New in Exchange 2010 SP1
Downloads:
Microsoft Exchange Server 2010 Service Pack 1
Microsoft Exchange Server 2010 SP1 Language Pack Bundle
Exchange Server 2010 SP1 UM Language Packs
Exchange Server 2010 SP1 Help

Exchange 2010 Autodiscovery Issues

Posted on August 9, 2010 by Ward

Two weeks ago a build my first production Exchange 2010 cluster. The Exchange 2010 web services are causing a lot of issues to people, and my self not any more.

Well, let us first list the directories that are used in the Exchange web service:

EWS is used for OOF, Scheduling assistance and free+busy Lookup.
OAB provides offline address book download services for client.
Autodiscover is used to provide users with autodiscover service.
EAS provides ActiveSync services to Windows Mobile based devices.
OWA provides outlook web access for users.
ECP provides Exchange control panel feature for Exchange 2010 users only.

Issues that might be resolved using the troubleshooting steps here:

You cannot set the OOF using outlook client, you receive the server not available error.
You cannot view free/busy information for other users.
You cannot use scheduling assistance, also you might receive not free/busy information data retrieved.
You cannot download Offline Address book errors.
You cannot use autodiscover externally.
Certificate mismatch error in autodiscover, users prompted to trust certificate in outlook 2007/2010.

First let us start by settings the right virtual directory configuration required for Exchange 2010 to work correctly:
Configure External and Internal URLs for OWS, ref: http://technet.microsoft.com/en-us/library/bb310763.aspx

You have to configure the internal URL to be the server name. In case you have multiple cas/hub servers configured in a NLB then can use the nlb cluster name for the internal url.
External URL will be the URL used by users to access webmail e.g. https://webmail.wardvissers.nl/owa

Configure the autodiscover internal URL, ref: http://technet.microsoft.com/en-us/library/bb201695.aspx

You will use the powershell cmdlet : Set-ClientAccessServer –Identity <CAS Server Name> -AutoDiscoverServiceInternalUri: <Internal URL>, this FQDN must match the URL included in the certificate. If you have NLB cluster then you put the internal name here like nlbek10.wardvissers.local

If you cannot use autodiscover.wardvissers.nl internally (you have a domain name of domain.local and you must use it), you will get a certificate miss match error, you will have to include the internal name in the SAN certificate if you purchase an external SAN certificate.

You cannot set autodiscover external URL since outlook will try to access https://autodiscover.wardvissers.nl/autodiscover/autodiscover.xml, this behavior is by design and cannot be changed.

Best Practice: Use SAN Certificates

Depending on how you configure the service names in your Exchange deployment, your Exchange server may require a certificate that can represent multiple domain names. Although a wildcard certificate, such as one for *.wardvissers.nl, can resolve this problem, many customers are uncomfortable with the security implications of maintaining a certificate that can be used for any sub-domain. A more secure alternative is to list each of the required domains as SANs in the certificate. By default, this approach is used when certificate requests are generated by Exchange.

Best Practice: Use the Exchange Certificate Wizard to Request Certificates

There are many services in Exchange that use certificates. A common error when requesting certificates is to make the request without including the correct set of service names. The certificate request wizard in the Exchange Management Console will help you include the correct list of names in the certificate request. The wizard lets you specify which services the certificate has to work with and, based on the services selected, includes the names that you must have in the certificate so that it can be used with those services. Run the certificate wizard when you’ve deployed your initial set of Exchange 2010 servers and determined which host names to use for the different services for your deployment.

Which Names you must include when you use a third party SAN certificate, ref http://technet.microsoft.com/en-us/library/dd351044.aspx:
External:
webmail.wardvissers.nl
autodiscover.wardvissers.nl
legacy.wardvissers.nl (If you migrating from 2003 to 2010)
Internal:
autodiscover.wardvissers.local
legacy.wardvissers.local
nlbek10.wardvissers.local(Internal NLB CAS/HUB Cluster)
casarray.wardvissers.local(I use this address for the casarray. It has the same ip as the nlbek10)

Vizioncore release free VMware Management Pack for OpsMgr

Posted on August 4, 2010 by Ward

Vizioncore, a wholly owned subsidiary of Quest have released a free Management Pack for System Center Operations Manager 2007 R2 which enables the monitoring of VMware virtual infrastructures. Now, before I get into the features and capabilities of what the MP gives you, it’s important to point out that this is the first free MP to deliver these capabilities, and may stir things up a little over at both Veeam and Bridgeways, who both have established MP’s for OpsMgr to enable monitoring of VMware environments. It’s important to say, both Veeam and Bridgeways offer trails of their solutions, so it would be important to compare the different MP’s for yourselves, however looking at a high level, one of the key elements that Veeam seems to have today, is that it’s PRO-enabled, thus provides more automated, dynamic and agile responses within the environment based on changing conditions. That’s not to say both Bridgeways and Vizioncore won’t evolve their technologies in the future, and bring in PRO capabilities, however today, you would have to classify it as a differentiator for Veeam. One you have to pay for however.

Screenshot Vizioncore Logo

So, what are the key features of the Vizioncore MP?

Essential alerts from the virtual infrastructure to reduce mean time to resolution (MTTR) of problems
Integration to System Center Operations Manager to centralize and consolidate monitoring efforts
Low cost and simple to use while allowing administrators to work in their familiar System Center Operations Manager views
Native management pack delivers alert and event management as well as trending inside the SCOM console
Agentless architecture for simple deployment and low overhead
Performance monitoring & availability event monitoring for fast resolution in the virtual environment
Out-of-the-box reports for host and guest metrics provides flexibility and clear communication between stakeholders

There’s even more features here…

What’s nice from my perspective, is the growth of the ecosystem around the Microsoft virtualisation platform, from Partners that have, in the past, been quite VMware focused. That’s more Vizioncore than Quest, but still, it’s moving in the right direction.

If you’re interested, you can get all the info, and download the MP, from here.

Source

Reviewing Least Privilege Security for Windows 7, Vista and XP

Posted on July 28, 2010 by Ward

I was recently approached to do a book review on “Least Privilege Security for Windows 7,Vista and XP by Russell Smith” published by Packt Publishing. I will review it soon. It show you how to configure your Windows environment so that your users can operate without administrator permissions.

Here is a list of the just some of technologies that this book talks about to achieve a Least Privilege Security:

Program Compatibility Wizard
Applications Compatibility Wizard
User Account Control
Group Policy Software Deployment
Internet Explorer Add-on Management
Troubleshooting Remote Users
Configuring Windows Firewall
Software Restrictions Policies and AppLocker
Microsoft Deployment Toolkit
CD Burning
ActiveX Controls
Changing system time and time zones
Power Management
Managing networks
Standard Users Analyzer
Applications Compatibility Toolkit
Logon Scripts
Remote Desktop Services
App-V
Med-V

I have read already some chapters. I think it is a great book to have on your collection.
You have always not enough time thinking about security. This book does it for you.

As a special offer Packt Publishing are also letting people download preview chapter of this book by download here Chapter No. 3 – Solving Least privilege Problems with the Application Compatibility Toolkit

MDT 2010 Importing automatically the right driver

Posted on July 19, 2010 by Ward

Microsoft Deployment Toolkit 2010 has some nice improvements to handle drivers. I will describe how I like to manage drivers in MDT 2010.

Some time I wrote i article about how to get the Name & Model from a computer. This is very important when you want to import only the right drivers automatically.

First we have to build the ‘Out-of-Box Drivers’ folder structure and import drivers. I have subdirectories for each architecture, brand and model. This is what my folder tree looks like:

However, you can build your own structure, as long as you respect the proper model & brand (make) name of the vendors.

Build Out-of-Box Drivers tree

To build up the folder structure you have to know the model name of your hardware. To retrieve the proper computer name execute at powershell command prompt: ‘Get-WmiObject -Class win32_computersystemproduct | fl Name,Model,UUID,Identifyingnumber,Vendor’, to get the exact name WMI queries to determine the computer model. In my case the computer name is “Latitude D830”.

Now that we have drivers imported in our Deployment Share, it’s time to move on.

1. DriverGroups

DriverGroups existed in MDT 2008 already, although the MDT Team added subdirectory support in MDT 2010.

At deployment phase MDT uses WMI to query the proper computer model and only the current model drivers will be injected. In order to get this working properly, you have to use the EXACT model name in your Out-of-Box Driver tree.

Inject the correct drivers in your Task Sequence

Add a new step in your Task Sequence to inject the correct drivers. MDT will query the computer name and inject the drivers which corresponds with the computer name from the Out-of-Box folder structure, right before applying the image at deployment.

I use ‘DriverGroup_001’ as Task Sequence Variable, and Win7×64\%Make%\%Model% as value for my Windows 7 x64. You have to adapt this to your Out-of-Box tree.

As I use a DriverGroup I’ve disabled the ‘Inject Drivers’ task.

Customsettings.ini

As my Task Sequence handles everything, there isn’t anything needed here.

If you don’t like to use a new Task in your TS, you can add DriverGroup variables in customsettings.ini like this:

DriverGroup_001=%Make%\%Model%

DriverGroup_002=Printers

2. Selection Profiles

New in MDT 2010 are DriverSelectionProfiles. These are easy for new MDT admins, very straight forward and easy to use.

Overview:

First you have to create a Profile (or use one of the default profiles):

You can even select Packages and Applications, use it for “bad drivers” aka driver setup packs.

Select what drivers you want to add to the profile;

After making the profiles you can use them in your Task Sequences. The default ‘Inject Drivers’ settings are on the left, the customized one on the right:

You can add Selection Profiles for drivers/packages or whatever you want. Just add an extra step in your task sequence like above.

Customsettings.ini

As with DriverGroups you can choose to handle the DriverSelectionProfile in customsettings.ini or in your TS.

Example:

DriverSelectionProfile=Dell Latitude D520 x64

Ward Vissers

Things About Microsoft & Exchange & VMware

Tag Archives: View