The security certificate on the server is invalid. Contact your Exchange Server administrator or ISP to install a valid certificate on the server. Support Code: 80072F0D or 0x80072f0d

I had some Windows Mobile device that did not sync anymore. I changed the Certificates on Exchange 2007 and ISA 2006 Servers.

After some investigating, the problem was that I was missing the GlobalSign Domain Validation CA certificate.


After creating the .cer file and installing it on my PDA, ActiveSync works again.


VMMUpdate Script to Check if all Hyper-V hosts & SCVMM Server are Up to Date

Jonathan has created a nice script. This script checks which updates are missing from Hyper-V hosts and SCVMM Server.

What updates?

Updates are regularly released for SCVMM Server, Hosts, and the Admin Console. These updates must be applied to all Hosts no matter how many you have. Updates are also released for technologies SCVMM leverages:

  • Windows
  • Hyper-V
  • Failover Cluster

As well as components SCVMM cannot function without:

  • WinRM
  • BITS
  • WMI
  • VDS
  • VSS

The difficulty is in making sure all systems are fully updated. This is a time-consuming task.

WSUS takes care of this for me…

Not necessarily. There are certain Hotfixes that need to be downloaded manually, but for the most part Windows Update is the key. WSUS is Microsoft’s solution to distributing Windows Updates within an enterprise, and this pulls from Windows Update as well. Unfortunately, rules in WSUS are sometimes set up such that all updates required do not find their way to SCVMM systems. So, there are layers of complexity in keeping systems up to date.

Prevent problems with VMMUpdate

With this script you know whether your Hyper-V hosts & SCVMM Server are up to date.

To download the latest version, follow the link HERE


System Center Data Protection Manager 2010 Monitoring Management Pack

The management pack monitors the health status of System Center Data Protection Manager 2010 and its components. It alerts the admin on critical health state and it provides certain break fix tasks to take corrective actions.

The following alerts are new in this release of the DPM 2010 Management Pack:

  • Backup metadata enumeration failed
  • Agent ownership required
  • Replica allocated and initial replication scheduled
  • Share path changed
  • Duplicate disks detected
  • VHD parent locator fix-up failed
  • Virtual machine metadata enumeration failed
  • VHD parent locator fix-up canceled
  • SharePoint Item Level Catalog failed
  • Backup without writer metadata
  • Customer Feedback opt-in
  • Backup SLA failed
  • Hyper-V Recovery Success
  • Global DPMDB Database Not Accessible alert notification
  • StagingAreaRestore in-progress
  • StagingAreaRestore success
  • StagingAreaRestore partial success
  • StagingAreaRestore failure
  • Auto Instance Protection failed
  • DPM Online Recovery Point creation failures
  • DPM Online Cache volume is missing
  • Partial Backup success
  • Library devices were disabled

You can download the System Center Data Protection Manager 2010 Monitoring Management Pack HERE

Microsoft Exchange Server 2010 Best Practices Covers SP1

If you are an Exchange admin, I can recommend the book Microsoft Exchange Server 2010 Best Practices. It covers SP1 and contains the following chapters.

Part I  Preparing for Exchange Server 2010

Chapter 1: Introducing Exchange Server 2010

Chapter 2: Exchange Deployment Projects

Chapter 3: Exchange Environmental Considerations

Part II  Designing Exchange Server 2010

Chapter 4: Client Access in Exchange 2010

Chapter 5: Routing and Transporting

Chapter 6: Mailbox Services

Chapter 7: Edge Transport and Messaging Security

Chapter 8: Automated Message Processing, Compliance, and Archiving

Chapter 9: Unified Messaging

Chapter 10: Federated Delegation

Chapter 11: Designing High Availability

Chapter 12: Backup, Restore, and Disaster Recovery

Chapter 13: Hardware Planning for Exchange Server 2010

Part III  Upgrading to Exchange Server 2010

Chapter 14: Upgrading from Exchange Server 2003 and Exchange Server 2007

Part IV  Deploying and Managing Exchange Server 2010

Chapter 15: Preparing for and Deploying Exchange Server 2010

Chapter 16: Managing Exchange

Chapter 17: Operating and Troubleshooting Exchange Server 2010

This book is also not a preparation guide for Exam 70-662: TS: Microsoft Exchange Server 2010, Configuring, or Exam 70-663: Pro: Designing and Deploying Messaging Solutions with Microsoft Exchange Server 2010, even though when you apply the knowledge and experience covered in this book, it will help you to pass these exams.

Exchange 2007 OWA Redirect Bug Introduced with Exchange 2010 SP1

The customer where I now work has a mix of Exchange 2007 and Exchange 2010 users. It seems that SP1 has introduced an obvious bug. Before I get into that, I’ll give some background on how Exchange 2010 coexists with previous versions of Exchange.
When you have a mix of Exchange 2010 and older versions in your environment, you have to do a bit of work to make the two work together for your external users.  In a nutshell, you use Exchange 2010 Client Access Server (CAS) as your primary entry point for all external users. 
Say you use as your externally accessible URL.  If an Exchange 2010 user logs in from the Internet, the Exchange 2010 CAS will do its thing and the user will get a nice Outlook Web App screen.
If an Exchange 2007 user logs in using, the Exchange 2010 CAS will redirect the user to an externally accessible Exchange 2007 CAS using a different URL (like  The redirection is silent, but the user may notice their browser changed to
How the redirect is handled is managed by the LegacyRedirectType setting in the Exchange 2010 OWA virtual directory. In most cases, LegacyRedirectType is set to Silent. To see what the setting is in your environment, run:

Get-OWAVirtualDirectory -Server <CASservername> | FL Identity, LegacyRedirectType

In SP1, this redirection is no longer silent.  When your Exchange 2007 user logs in via, they are presented with this screen:

The text reads:

A temporary change has occurred that requires you to connect to a different server.  To connect, click the button below.  For security reasons, you’ll be asked to enter your user name and password again.

Sure enough, when you click Connect, you are redirected to, where you have to re-enter your user information.
Thankfully, the same sort of thing doesn’t seem to happen with Outlook Anywhere or ActiveSync clients.
I checked the LegacyRedirectType value on my 2010 SP1 CAS boxes and they are all still set to Silent.  The issue occurs because the OWA virtual directory value for LegacyRedirectType is being ignored.  This is an extraordinarily unfortunate thing to have been introduced with SP1.   If you have a mixed Exchange 2007/2010 environment, I suggest you wait until the rollup 2 is out before deploying SP1. 

Update 15 December 2010

Update 2 for Exchange 2010 is out and the fix is there, described in 2458419: "A temporary change has occurred that requires you to connect to a different server" error message when Exchange Server 2007 mailbox users try to access their mailboxes by using an Exchange Server 2010 Client Access server

You can download the rollup HERE

Rollup 1 for Exchange Server 2010 SP1

Microsoft released Rollup 1 for Exchange Server 2010 SP1 that fixes the following things.

2028967 Event ID 3022 is logged and you still cannot replicate a public folder from one Exchange Server 2010 server to another

2251610 The email address of a user is updated unexpectedly after you run the Update-Recipient cmdlet on an Exchange Server 2010 server

978292  An IMAP4 client cannot send an email message that has a large attachment in a mixed Exchange Server 2010 and Exchange Server 2003 environment

982004 Exchange Server 2010 users cannot access the public folder

983549 Exchange Server 2010 removes the sender’s email address from the recipient list in a redirected email message

983492 You cannot view updated content of an Exchange Server 2010 public folder

Download Rollup 1 for Exchange Server 2010 SP1 HERE

Exchange SP1 2010 Setting rights with Public Folder Management Console

For Exchange 2007 you had PFDAVAdmin to set rights on the Public Folder store.

For Exchange 2010 (RTM & SP1) you have the tool ExFolder to set rights on the public Folder store.

But the Exchange Team did a great job to add Public Folder Rights to the Public Folder Management Console.

When you right-click on a public folder, you can set permissions in two ways.

1. Right click on the public folder and choose Manage Settings

I give myself Owner rights for this little demo.

2. Select Properties from the public folder and then select the Permissions tab.

Data Protection Manager 2010 Operations Guide


Microsoft released a nice manual for monitoring and managing DPM servers and tape libraries, and protected computers that are running Microsoft Exchange Server, Microsoft SQL Server, Windows SharePoint Services, Microsoft Virtual Server, or the Hyper-V role in Windows Server 2008 or Windows Server 2008 R2. This guide also provides instructions for setting up protection of data on desktop computers that are connected to the network, and portable computers that are connected to the network intermittently, and for setting up disaster recovery.

Download the Manual

Removing the Browser Choice option During deployment with MDT 2010

The Deployment Guys created a nice script to remove the Browser Choice option.

If you are in the European Union, you will have seen the installation of the Browser Choice option from Windows Update. This is a good thing if you are a consumer. However, if you are managing Volume Licensed (VL) builds, you don’t want the Browser Choice in your deployment image, but you do want to make use of the MDT 2010 ability to go off to Windows Update or your WSUS server and install patches automatically during your deployment task sequence.

Check HERE how to configure MDT to use your WSUS server

MDT 2010 comes with a number of task sequence templates. The one I used many times is the standard client task sequence template. As part of this template there are two tasks for applying Windows updates (Pre-Application Installation and Post-Application Installation).
These tasks are really useful as part of the deployment of a client machine because you always have an up-to-date image.


As part of this automated Windows Update process KB976002 will be downloaded and installed giving the options shown below in your core image.


Recently KB2019411 has been released, which provides information about the Browser Choice update for system administrators who are in managed environments that are under a Volume Licensing program. The Deployment Guys have created an MDT-based script for implementing the suggestions in the article KB2019411: it adds the registry entries to control the display of the Browser Choice screen and to remove the Browser Choice icon from the desktop.

The script (CFG-HideBrowserChoice.wsf) should be placed in the MDT Distribution Share\Scripts folder and then a “Run Command Line” task should be added to your image engineering task sequence (after the last Windows Update task but before the sysprep and image capture tasks). The command you should run is cscript.exe CFG-HideBrowserChoice.wsf.

An example of this is shown below.


When the task runs, the script turns off the Browser Choice and removes the icon from the desktop. You will also find a log file that the script generates in the usual MDT log location (MININT\SMSOSD\OSDLOGS\CFG-HideBrowserChoice.log).

You can get the CFG-HideBrowserChoice.wsf script from the Deployment Guys SkyDrive by clicking HERE

Tested and it worked great.