250 Hello

Random Musings on Exchange and Virtualization

250 Hello

  • Most Popular Blog Posts For 2014

    Since 2014 is drawing to a close, I thought it would be interesting to see what were the 10 most popular articles on the blog.  For reference purposes, the top 10 from 2013 were also included for comparison. 

    I also wanted to wish everyone a great holiday.  If you are going skiing, staying home with family or slipping an extra shrimp on the barbie, take the time to enjoy it with your friends and family and see you in 2015!

     

    Most Popular 2014 Posts

    For the year 2014 the following were the ten most popular articles on this blog:

    1. How To Install ADFS 2012 R2 For Office 365 
    2. Exchange Support For Windows Server 2012 R2
    3. How To Check Exchange Rollup Version
    4. Windows Hyper-V 2012 & 8.1 Hyper-V Did Not Find Virtual Machine to Import
    5. How To Check Database White Space In Exchange
    6. Install Desktop Experience On Windows Server 2012
    7. Busting The Set-AutodiscoverVirtualDirectory Myth
    8. Outlook Unable To Connect To Exchange –Default Gateway Not Found
    9. How To Install ADFS 2012 R2 For Office 365–Part 2
    10. Remote Desktop Connection Manager Download (RDCMan) 2.2

     

    Most Popular 2013 Posts

    And here is the top 10 for 2013:

    1. Exchange Support For Windows Server 2012 R2
    2. Remote Desktop Connection Manager Download (RDCMan) 2.2
    3. Busting The Set-AutodiscoverVirtualDirectory Myth
    4. Hyper-V Did Not Find Virtual Machine To Import
    5. Windows Hyper-V 2012 & 8.1 Hyper-V Did Not Find Virtual Machine to Import
    6. Updated Exchange 2010 SCOM Management Pack – June 2012
    7. How To Check Database White Space In Exchange
    8. Install Desktop Experience On Windows Server 2012
    9. Fine Grained Control When Registering Multiple IP Addresses On a Network Card
    10. Exchange 2010 SP3 RU1 Released 

     

    Comparing 2014's with the 2013 top 10 posts we can see that there are certainly a few similarities, though there are also differences.  Office 365 adoption has increased dramatically and this is reflected in what people are searching for.  This is also reflected in what I am posting here too!

    On-premises Exchange still commands the lions share of the traffic in 2014 with the Windows 2012 R2 & Exchange support post remaining rather popular.    Autodiscover is always a contested area, and continues to bubble to the top.   Exchange 2007/2010 version checking and calculating database whitespace still remain surprisingly active. 

    In addition to the core Exchange and Office 365 articles there are also posts which were never envisioned as highly desired, yet find themselves in the top 10.  Downloading RDCMan and installing the Desktop Experience feature are prime examples.  

    Maybe next year the RDCMan 2.7 Download post will be in the top 10….

    Cheers,

    Rhoderick

  • PowerShell Script To Get Exchange 2010 Active CAS Connections

    Purpose of this script is to report on  particular performance monitor counters for Outlook RPC Client Access, OWA and Exchange ActiveSync on multiple servers.  This was required as during the course of the year there have been a few issues where the third party load balancer device was not really doing equitable load balancing.  In some cases 60% of the user load of 50,000 mailboxes was directed onto a single server. 

    Using the script we can easily see the number of Outlook RPC connections, the number of OWA users and how many ActiveSync requests are issued per second.  These are all standard performance monitor counters, the script simply pulls them all into one place. 

     

    Script Overview


    The script will build a collection of all the Exchange 2010 CA servers in the organisation.  if you need to restrict the list to a single site the query can be easily modified.  For more PowerShell filtering examples please see this post.  

    This is the line that would require editing if you wished to restrict the collection to a single AD site, or subset of servers:


    $ExchangeServers = Get-ExchangeServer | Where-Object {$_.AdminDisplayVersion -match "^Version 14" -and $_.ServerRole -Match "ClientAccess" }  | Sort-Object  Name

     

    Running The Script

    The script has a handy dandy progress bar to show completion status:

    Oooh Shiney - Look A Status Bar

    And the finished results should look something like the below, except that your numbers will likely not be zero.  Mine are zero as this is a lab…

    PowerShell Script Showing CAS Connections

     

    Script Download

    Please download the script from the TechNet Gallery:

    Download PowerShell Script To Show Exchange 2010 CAS Connections

     

    Please also provide feedback here or on the TechNet Gallery site!

    Cheers,

    Rhoderick

    PS Note to self:  Script is clearly lacking as there is no magenta text………..

  • Windows Update Fail – 0xC80003F3

    This is the case of one of those bizarre and very annoying issues to tack down.  The server in question is one of my lab servers where an automated build was used to create it.  It is a Windows 2008 R2 SP1 based server which has TMG 2010 SP2 installed as a reverse proxy.  Said server has been a little “squirrely”, and some “interesting things have happened where a restart would flush the gremlins out.  It managed to soldier on and worked. 

    After the last patch Tuesday I could not get the server to scan for updates.  There were a multitude of errors noted by the Windows Update client.  The data below is from the WindowsUpdate.log and you can see just how varied the errors are.  To keep one of my older friends happy, yes that is you Charles Of the Desert, let’s use findstr to parse the log looking for the specific phrase:

    Findstr.exe /i /c:"Warning: exit code =" WindowsUpdate.log

    More Windows Update Error Codes Than You Can Shake A Stick At

    Using Excel, the de-duplicated list of errors were:

    WARNING: Exit code = 0x80244023  WARNING: Exit code = 0x80072EE2

    WARNING: Exit code = 0x8024D011  WARNING: Exit code = 0x8024001B
    WARNING: Exit code = 0x800401FD  WARNING: Exit code = 0x8007000E
    WARNING: Exit code = 0xC80003F3  WARNING: Exit code = 0x8024402F
    WARNING: Exit code = 0x80080005

     

    The error codes are all over the place so there is not single issue in the WU client that explains all of them.  Time to expand the net….

    Event Log Entries

    Looking at the event logs there were some items of note: 

    EventID 2004 Windows Successfully Diagnosed A Low Memory Condition

     

    EventID 7023 Windoes Modules Installer Service Terminated Due To Insufficient System Resources

     

    Interesting, but nothing there screamed at a root cause.   Though why is Windows complaining about low resources, and then the Windows Modules Installer terminated due to insufficient resources?

     

    640K Is All You’ll Ever Need

    The server in question is a VM with 3GB of RAM installed, and task manager shows plenty of available memory.  Yes that is not a perfect check but it’s generally sufficient for a quick peek.  So if there is enough physical memory installed, but did the automated build set page file to match the RAM?

    256MB Page File - Seriously??

    <Borat>

    Not so much….

    </Borat>

     

    OK, We Need More Than 640K

    For some reason, the automated build had set the server with a single static page file of only 256 MB.  If this was a NT4 server and the year was 1999 then that would be good.  In the year 2014, it was far less than awesome…. 

    Increasing the page file to match physical RAM immediately corrected the issues and Windows Update then installed all updates!

    Cheers,

    Rhoderick

  • Exchange 2013 CU7 Released

    Exchange 2013 CU7 has been released to the Microsoft download centre!  Exchange 2013 has a different servicing strategy than Exchange 2007/2010 and utilises Cumulative Updates (CUs) rather than the Rollup Updates (RU/UR) which were used previously.    CUs are a complete installation of Exchange 2013 and can be used to install a fresh server or to update a previously installed one.  Exchange 2013 SP1 was in effect CU4, and CU7 is the third post SP1 release.  CU7 contains AD DS schema changes so please test and plan accordingly!

    One aspect to note is that CU7 does contain the security fix for the issues described in security bulletin MS14-075.  To address these security issues in pre CU7 builds of Exchange 2013, there are separate updates available.  While not directly applicable to CU7, it is worth noting should you wish to implement the security fix prior to upgrading to CU7.

     

    Update 10-12-2014: Corrected CU7 security update wording.

     

    CU7 provides support for Public Folder Hierarchies in Exchange Server 2013 which contain 250,000 public folders.  Yay!!!!  CU7 also resolves backup and restore issues.  The Exchange product group recommend upgrading to Exchange 2013 CU7 and then taking a full backup.

    Please take the time to review these additional posts:

     

    For those co-existing with Exchange 2007 there were some issues with CU6, that should all be resolved in CU7.  For example if you are deploying into a mixed environment with Exchange 2007, you need to review KB2997209 Exchange Server 2013 databases unexpectedly fail over in a co-existence environment with Exchange Server 2007.  Customer with Exchange 2007 and 2013 also had to review KB 2997847 You cannot route ActiveSync traffic to Exchange 2007 mailboxes after you upgrade to Exchange 2013 CU6.  There were some issues with the post CU6 IU that was released to correct these issues as it did not always copy all the OWA files.   CU6 also had an issue which affected Hybrid mailboxes.

    Exchange 2013 CU7 Download

    This is build 15.00.1044.025 of Exchange 2013 and the update is helpfully named Exchange2013-x64-cu7.exe.  Which is a great improvement over the initial CUs that all had the same file name!  Details for the release are contained in KB2986485.

     

    Updates Of Particular Note

    • CU7 addresses the security issues described in MS14-065.  To address these issues in pre CU7 builds of Exchange 2013 there are separate updates available for:

     

    • 2999031 A cross-forest mailbox move from Exchange Server 2007 to Exchange Server 2013 finishes with CompletedWithWarnings status
    • 3008438 User who is trying to Log on to Exchange Admin Console is logged in to OWA instead

    • 3006672 Move request fails if the IsExcludedFromProvisioning option is true in Exchange Server 2013

    • 3005391 Exchange Server 2013 Cumulative Update 5 breaks free/busy lookup from Exchange Online to Exchange Server 2007

    • 3001217 TLS 1.0 is hardcoded for SMTP traffic encryption in Exchange Server 2013

    • 3003580 Event ID 4999 and 4401 when the Microsoft Exchange Replication service crashes in Exchange Server 2013

    • 3000944 Subfolders under the Deleted Items folder are not visible in Outlook in an Exchange Server 2013 environment
    • 2997847 You cannot route ActiveSync traffic to Exchange 2007 mailboxes after you upgrade to Exchange 2013 CU6
    • 2997355 Exchange Online mailboxes cannot be managed by using EAC after you deploy Exchange Server 2013 CU6
    • 2997209 Exchange Server 2013 databases unexpectedly fail over in a co-existence environment with Exchange Server 2007

     

    Issues Resolved

     

    • 3004235 Exchange Server meetings in Russian time zones as well as names of time zones are incorrect after October 26, 2014

    • 3012655 New-MailboxImportRequest causes unreadable characters when you import an ANSI format .pst file of Russian language

    • 3012652 CalendarProcessing cmdlet does not generate delegate permissions to universal security groups in Exchange Server 2013

    • 3009631 Advanced Find against the Sent Items folder in Outlook returns no result in Exchange Server 2013

    • 3009612 Outlook Web App shows organization details on the contact card beyond the scope of user ABP in Exchange Server 2013

    • 3009291 Shared mailbox cannot be opened in Outlook in an Exchange Server 2013 environment that has multiple domains

    • 3008453 Cannot edit or delete forms from the organizational forms library in Exchange Server 2013

    • 3008438 User who is trying to Log on to Exchange Admin Console is logged in to OWA instead

    • 3006672 Move request fails if the IsExcludedFromProvisioning option is true in Exchange Server 2013

    • 3005391 Exchange Server 2013 Cumulative Update 5 breaks free/busy lookup from Exchange Online to Exchange Server 2007

    • 3003986 RejectMessageReasonText in transport rule appears in the user section of a DSN in Exchange Server 2013

    • 3001217 TLS 1.0 is hardcoded for SMTP traffic encryption in Exchange Server 2013

    • 3001037 Distribution group cannot send email messages to a mail enabled public folder in an Exchange Server 2013 environment

    • 2999031 A cross-forest mailbox move from Exchange Server 2007 to Exchange Server 2013 finishes with CompletedWithWarnings status

    • 2998144 New-MoveRequest cmdlet with RemoteLegacy parameter cannot perform a cross-forest mailbox move

    • 2988553 Add-ADPermission and Remove-ADPermission can be run outside the management scope in Exchange Server 2013

    • 2981538 Exchange Control Panel crashes when you proxy from Exchange 2013 to Exchange 2010

    • 3014051 Cannot migrate mailboxes in a multiple domains environment in Exchange Server 2013

    • 3012986 ContentIndexRetryQueueSize value for a passive node never drops to zero in Exchange Server 2013 Cumulative Update 6

    • 3004011 Sound alerts do not work in Outlook Web App when new email or calendar notification is received in Exchange Server 2013

    • 3003580 Event ID 4999 and 4401 when the Microsoft Exchange Replication service crashes in Exchange Server 2013

    • 3003518 "550 5.7.1" NDR when you send messages to external recipients in an Exchange Server 2013 hybrid environment

    • 3003068 Cannot see online archive mailbox after you upgrade to Exchange Server 2013 Cumulative Update 6

    • 3000944 Subfolders under the Deleted Items folder are not visible in Outlook in an Exchange Server 2013 environment

    • 2997847 You cannot route ActiveSync traffic to Exchange 2007 mailboxes after you upgrade to Exchange 2013 CU6

    • 2997355 Exchange Online mailboxes cannot be managed by using EAC after you deploy Exchange Server 2013 CU6

    • 2997209 Exchange Server 2013 databases unexpectedly fail over in a co-existence environment with Exchange Server 2007

    • 2995263 OAB cannot be rebuilt if the .flt file is larger than two GB in Exchange Server 2013

    • 2994216 PublicFolderMoveRequest deletes all read or unread state in target mailbox for each user in Exchange Server 2013

    • 2993871 Resource Booking Assistant crashes after you upgrade to Exchange Server 2013 Cumulative Update 5

    • 2983216 Category setting on an item in Outlook jumps the selection to the top of the list in an Exchange Server 2013 environment

    • 2931223 MAPI virtual directory is missing from Default Web Site node

     

    Some Items For Consideration

    As with previous CUs, CU7 follows the new servicing paradigmthat was previously discussed on the blog.  The CU7 package can be used to perform a new installation, or to upgrade an existing Exchange Server 2013 installation to CU7.  You do not need to install Cumulative Update 1 or 2 for Exchange Server 2013 when you are installing CU.  Cumulative Updates are well, cumulative.  What else can I say…

    After you install this cumulative update package, you cannot uninstall the cumulative update package to revert to an earlier version of Exchange 2013. If you uninstall this cumulative update package, Exchange 2013 is removed from the server.

    Note that customised configuration files are overwritten on installation.  Make sure you have any changes fully documented!

    CU7 contains AD Schema updates – please test and plan accordingly!

    Please enjoy the update responsibly!

    What do I mean by that?  Well, you need to ensure that you are fully informed about the caveats with the CU  and are aware of all of the changes that it will make within your environment.  Additionally you will need to test the CU your lab which is representative of your production environment.

    Cheers,

    Rhoderick

  • Exchange 2010 SP3 RU8 Released

    The Exchange team today announced the availability of Update Rollup 8 for Exchange Server 2010 Service Pack 3. RU8 is the latest rollup of customer fixes available for Exchange Server 2010. The release contains fixes for customer reported issues and previously released security bulletins.  In addition to addressing previous security issues, Exchange 2010 SP3 RU8 also corrects the security issue MS14-075.  For Exchange 2010 this is also discussed  in Outlook Web App Token Spoofing Vulnerability - CVE-2014-6319.

    Update 12-12-2014:  Exchange Server 2010 SP3 Update Rollup 8 has been re-released to the Microsoft download centre resolving a regression discovered in the initial release. The updated RU8 package corrects the issue which impacted users connecting to Exchange from Outlook. The issue was isolated to the MAPI RPC layer and was quickly remediated to deliver the updated RU8 package. The updated RU8 v2 package is version number 14.03.0224.002

    Update 10-12-2014:  Please see comments at the end of this post with an issue relating to RPC Client Access.  There is a TechNet forum where the community is discussing this issue.  In the RPC Client Access the forum post notes that the following can be observed: “Log Watson: [IndexOutOfRangeException] Index was outside the bounds of the array”.

    Update 10-12-2014:  Exchange 2010 SP3 RU8 has been removed from the download centre until the above issue has been resolved. 

    Exchange 2013 SP3 RU8 Download

    This is build 14.03.0224.002 of Exchange 2010 (14.03.0224.001 was the initial SP3 RU8 build)  , and KB2986475 has the full details for the release.  The update file name is Exchange2010-KB2986475-x64-en.msp.

    Note that this is only for the Service Pack 3 branch of Exchange 2010.  Why?  Exchange 2010 SP2 exited out of support on the 8th of April 2014and will no longer receive updates.

     

    Updates Of Particular Note

    • This RU addresses security issues noted in bulletin MS14-075
    • 3009132 Hybrid mailbox moves to on-premises environment but finishes with CompletedWithWarnings status
    • 3008308 Public folder database migration issue in a mixed Exchange Server environment
    • 3007794 Hub Transport server cannot deliver messages when a database fails over to a cross-site DAG in Exchange Server 2010

     

     

    Issues Resolved

     

    • 3004235 Exchange Server meetings in Russian time zones as well as names of time zones are incorrect after October 26, 2014

    • 3009132 Hybrid mailbox moves to on-premises environment but finishes with CompletedWithWarnings status

    • 3008999 IRM restrictions are applied to incorrectly formatted .docx, .pptx, or .xlsx files in an Exchange Server 2010 environment

    • 3008370 Group members are not sorted by display name when HAB is used with OAB in Exchange Server 2010

    • 3008308 Public folder database migration issue in a mixed Exchange Server environment

    • 3007794 Hub Transport server cannot deliver messages when a database fails over to a cross-site DAG in Exchange Server 2010

    • 3004521 An Exchange server loses its connection to domain controllers if a public folder server is down in Exchange Server 2010

    • 2999016 Unreadable characters when you import ANSI .pst files of Russian language by using the New-MailboxImportRequest cmdlet

    • 2995148 Changing distribution group takes a long time in an Exchange Server 2010 environment

    • 2992692 Retention policy is not applied to Information Rights Management protected voice mail messages in Exchange Server 2010

    • 2987982 Issues caused by ANSI mode in Exchange Server 2010

    • 2987104 Email message is sent by using the "Send As" instead of "Send on Behalf" permission in Exchange Server 2010

    • 2982017 Incorrect voice mail message duration in Exchange Server 2013 and Exchange Server 2010

    • 2977279 You cannot disable journaling for protected voice mail in Exchange Server 2013 and Exchange Server 2010

      

    Important Notes

    Now, before we rush off to download and install this there are a couple of items to mention!

     

    • Test the update in your lab before installing in production.  If in doubt test…

    • If the Exchange server does not have Internet connectivity then this introduces significant delay in building the Native images for the .Net assemblies as the server is unable to get to http://crl.microsoft.com.  To resolve this issue, follow these steps:

      1. On the Tools menu in Windows Internet Explorer, click Internet Options, and then click the Advanced tab.

      2. In the Security section, click to clear the Check for publisher's certificate revocation check box, and then click OK.

      We recommend that you clear this security option in Internet Explorer only if the computer is in a tightly controlled environment. When setup is complete, click to select the Check for publisher’s certificate revocation check box again.

    • Update Internet facing CAS servers first

    • Backup any OWA customisations as they will be removed

    • Test (yes technically this is in here for a second time but it is important!)

    Cheers,

    Rhoderick

  • Office 365 Workshop Links – December 2014

    This is a link throw-down for the items that we discussed during a recent Office 365 workshop that I delivered to customers in sunny Calgary.

    I’m posting the links here since they will be available to all of the attendees, and thought that others may also find them useful/interesting. 

     

    Service Descriptions

    Exchange Online Service Description – required reading!  Especially the limits section.  Read this now.  Do not be surprised…..

     

    Tools

    MXToolbox – useful site to test DNS records, SMTP blacklists etc.

    Remote Desktop Connection Manager (RDCMAN) 2.7 is now available.  Downloadable from here

     

    New MacLook

    New Outlook for MAC - New version of Outlook for MAC (MacLook).

    The new Outlook for Mac includes:

    • Better performance and reliability as a result of a new threading model and database improvements.
    • A new modern user interface with improved scrolling and agility when switching between Ribbon tabs.
    • Online archive support for searching Exchange (online or on-premises) archived mail.
    • Master Category List support and enhancements delivering access to category lists (name and color) and sync between Mac, Windows and OWA clients.
    • Office 365 push email support for real-time email delivery.
    • Faster first-run and email download experience with improved Exchange Web Services syncing

     

    Cross Premises Shared Mailbox Support

    Planning an Exchange hybrid deployment.  This page has the support statement that shared mailboxes and mailboxes accessing them must reside in the same premises. 

    • Mailbox permissions  On-premises mailbox permissions such as Send As, Receive As, and Full Access that are explicitly applied on the mailbox are migrated to Exchange Online if the tenant in Exchange Online has been fully synchronized using Dirsync or AAD Sync. Inherited (non-explicit) mailbox permissions such as permissions applied to the mailbox database and any permissions on non-mailbox objects (such as distribution lists or a mail-enabled user) are not migrated. Therefore, you should recreate these permissions in Exchange Online using the Add-MailboxPermission or Add-RecipientPermission cmdlets.

    • Cross-premises permissions Mailbox permissions such as Send As, Receive As, and Full Access are not supported if the user trying to access the mailbox is in Exchange Online but the target mailbox is on-premises, or vice versa. Typically, when migrating a user mailbox from on-premises to Exchange Online, in order to overcome this limitation, mailboxes belonging to users who have access to the first mailbox should also be migrated at the same time to ensure the delegate scenarios continue to work.

     

    Office 365 Authentication Changes

    Authentication changes to Office 2013.  This was first announced at MEC 2014 and earlier this year on the Office blog.  The November update is here

     

    Training Links

    Microsoft Virtual Academy – multiple training videos

    Office Technical Blog

    Garage Series

     

    DirSync

    DirSync release announcement of Password Sync

    List of Attributes that are Synced by the Azure Active Directory Sync Tool

     How To Run Manual DirSync / Azure Active Directory Sync Updates

     DirSync: How To Switch From Single Sign-On To Password Sync

     

    Random

    Exchange Innovation lab – if only it were real….

    Do fish drown? – yes they do….

    Cheese phobia is  called Turophobia.  It’s a long story…………….

     

    Cheers,

    Rhoderick

  • Exchange ServerName Points To Wrong Or Decommissioned Server

    This post was promoted from the draft bin to production after a customer visit a couple of weeks ago.  When onsite we were looking at how the environment was configured.  The admins had written a series of scripts to determine the environment state which was excellent to see!  One thing that they had assumed though was that the ServerName attribute on a mailbox was where the database was currently mounted.  In this customer’s case they had 12 mailbox servers in the DAG and this data led them to believe that mailboxes were evenly balanced across all of the servers.

    Let’s see what is going on, and what caused the issue.

     

    Starting Configuration

    In this lab we have Exchange 2010 SP3 RU5 servers.  A single Database Availability Group (DAG) exists which has three members  CONSEA-MB1, CONSEA-MB2 and CONDAL-MB1

    No database copies are mounted on mailbox server CONSEA-MB1 apart from DB01:

    Exchange DAG Lab - 3 Mailbox Servers With 3 Copies Of Database

    Just to ensure that there are no MMC refresh issues, PowerShell shows the same:

    Checking Mailbox DatabaseCopyStatus In PowerShell

    Since only DB01 is mounted and active on server CONSEA-MB1, then we should expect to see the same number of mailboxes returned if we check both – no?

    Get-Mailbox –Server CONSEA-MB1

    Get-Mailbox –Database DB01

    Let’s run both commands, and pipe to Measure-Object since that makes it easy to count.

    Comparing Mailboxe Count Differences For -Server & -Database

    Are the numbers the same?  Well, not so much…

    In this case we are only off by one, but this is a tiny test lab and not representative of reasonable production environment.

    What is causing this?

     

    Floating Like A Butterfly, Fixed Like AD

    The ServerName attribute is written to AD when the mailbox is created or moved into that database.  Which name is used?  The server which was hosting the active mailbox copy at that time.  The ServerName attribute is held in AD and is stamped on the user object.  We can see this on the below test mailbox:

    ServerName Property Stored In AD as msExchHomeServerName

    The ServerName value is not updated when the database is activated on another server.  If it were, then that would add considerable overhead to AD replication.  That would make the grumpy triangle people even more grumpy, and we don’t want that!

    Even *IF* this value was updated and replicated by AD, the other issue is replication latency.  AD may take hours to replicate between AD sites.  This is far too slow for certain Exchange database tasks such as updating log generation values which is why we use the cluster database to ensure fast guaranteed updates for critical database information.

     

    To illustrate, let’s activate DB01 on a different server, in this case CONSEA-MB2.  In the below screen shot you will see that DB01 was moved from CONSEA-MB1 to CONSEA-MB2.  Then we check to make sure that there are no other active databases on server CONSEA-MB1.  Finally we re-run the Get-Mailbox –Server cmdlet to see how many mailboxes are stamped with a ServerName attribute of CONSEA-MB1, and if that value has changed from the initial result of 30.

    Does Moving Active Database Copies Change -Server Mailbox Count??

    Has the count changed from the initial value of 30?

    No it has not.  This shows that the attribute is not updated when a *-over event occurs in a DAG.

     

    Moving Mailbox To Different Database

    In the below example we shall move mailbox Test-100 from database DB01 to DB02.  The initial ServerName value is CONSEA-MB1.  DB02 is currently mounted on server CONDAl-MB1.  This is indicated in the red box below.   Note that once the move request completes, the ServerName value is updated with the name of the mailbox server which hosted the active copy of the database at that point –> CONDAL-MB1.

    Moving Mailbox To Different Database Changes ServerName

    Again, we see in the below example that activating another copy of the mailbox does not change the ServerName value.  Initially it was mounted on CONDAL-MB1, then moved to CONSEA-MB2.

    Same Behaviour for DB02 - ServerName Does Not Update In DAG

     

     

    ServerName Takeaway

    In a DAG environment, the ServerName attribute becomes less useful as there are typically multiple copies of a given mailbox database which can seamlessly transition between multiple servers.  The ServerName attribute is not updated in AD when the *-over event occurs.

    The ServerName value is stamped based on where the database was mounted when the mailbox was created or last moved.  It is possible to get it to update by running:

    Set-Mailbox <user> –Database samedatabasename

    Updated ServerName Attribute After Running Set-Mailbox

    Note that we are setting the  same database to the user.  In the lower line the ServerName field has now been updated.

    When determining how many databases are actually running off a given mailbox server in a DAG, it is necessary to see what databases are currently mounted on each mailbox server and then enumerate the mailboxes from there.  This could look something like the below one-liner:

     $(Get-MailboxServer | Get-MailboxDatabaseCopyStatus | Where-Object {$_.Status –eq “Mounted”} | Sort-Object) | ForEach-Object { Write-Host $_.DatabaseName (Get-Mailbox –Database $_.Databasename –ResultSize Unlimited).Count }

     

    Please note that the above is one line, and it may wrap.

     

    Cheers,

    Rhoderick

  • Microsoft Certified Master – 5 Years On

    Time flies.  It’s now been 5 years since I completed the Exchange 2007 Microsoft Certified Master course in not so sunny Redmond.  That was MCM rotation 4, which was the last Exchange 2007 rotation.  If memory serves me correctly we started on the Monday the 2nd of November 2009 and finished on Saturday the 21st. 

    During this Exchange love fest we had a total of 4 tests.  3 written tests and the qual lab.  After each week there would be a written test which covered the content from the preceding week.  For us it was on the following Monday.  Though in week 3 we had the week 2 content tested on the Monday, the week 3 exam on Friday and the qual lab the next day (Saturday).  Owch, that is still painful even thinking about it.  The below MCP exam transcript does not really do justice to the effort, cost and blood spent to earn each line….;.

    RMILNE Exchange MCM Transcript

    One common comment is that this is a marathon of Exchange!  To get through it and stay healthy is a challenge. I elected to stay at the silver cloud hotel and walk to campus daily.  That 15 minute walk there and back at the end of the day was a blessing!  Before settling down to do more study at the end of a 12 hour day, I got into the habit of swimming in the highly chlorinated pool.  And to assist with memory retention whilst in building 40, paid many frequent visits to one of Starbucks coffee dispensing contraptions. 

    Then there came the crazy little thing called the qual lab…

    On the topic of other crazy little things, November the 24th is also the day that Freddie Mercury died.  *

     

    Greg, as only Greg can/will do, blogged as we were doing the qual lab in his normal style: 17 Frowns and a Box of Donuts.  At the end of the day there were 10 happy souls, though only 9 knew about it.  One person thought that they had not completed the final task, but they had.  They just needed cached store data to expire and everything was perfect!

    What has happened since that?  Lots of good stuff, and some bad…

     

    Good Stuff

    There was a great bunch of people in my rotation.  And to this day we still all help each other out and that is one of the best outcomes from the MCM.  The same is true for the wider MCM community.  These are the most passionate and capable people that you’d every dream of working with and it is a vibrant community.  Every day I learn some arcane aspect of Exchange. 

    12 months after this we had a mini-reunion and a lot of MCM R4 came back to do the Exchange 2010 MCM upgrade course.  This was a beast.  Lots of content compressed into a single week, with a written exam at the end followed by yet another qual lab.  There were 25 people attending, all of which were existing MCMs and only half a dozen walked away fully upgraded.  Thankfully I was one of them, but it was rough.  I seem to remember not being able to sleep with my leg muscles going into spasm.  After completing the written test things  was a blur. Then the qual lab was done on vapours and RockStar (thanks for that Dan S!).  Did I say it was a tough week?

    There used to be a nice page on the Microsoft learning (MSL) portion of Microsoft.com where you could see all the people who had passed MCM/MCA and agreed to their name being publically displayed.  Now there are a series of PDF files in lieu. 

    Having my brain melted with all of the MCM content certainly helped the technical interviews when applying to Microsoft.  I’m still not really sure if Eric wanted to hire me for my technical acumen or since I was crazy enough to crack jokes with them whilst being interviewed.

     

    Bad Stuff

    I clearly remember being up late on a Friday evening in August, when an email popped up.  It was the Friday on a long weekend.  This was from MSL and it said that the MCM programme was being cut.  I read it.  Then re-read it and was wondering if the date was not the 1st of April.  Unfortunately the date was the 30th of August 2013 and the email was real. 

    Neil has the content of letter posted, and there are some “interesting” comments. 

    While I can understand that MSL has the right to change/cancel any one of its programmes, the way that all of the MCM programmes were cancelled was inexcusable.  IIRC there were non-exchange rotations currently in-progress when the news was released, and Exchange rotations starting in the near future.  When a standard MCP exam is scheduled to retire there is significant amount of notice given so people can plan accordingly.  One can only imagine why this was not also afforded to the MCM track.  An MCP exam costs $150 USD.  MCM was $18,500 or so….

    The other not so good memory, relates to walking to the qual lab.  After drinking a can of RockStar I then walked to campus.  Half way up the hill I thought the scene in Alien featuring John Hurt was being re-enacted and my heart was about to detach itself.  That was the last time I drank that potion,  Well until the next qual lab!

    Cheers,

    Rhoderick

    * – That was 1991.  Time certainly does fly. 

  • Remote Desktop Connection Manager Download (RDCMan) 2.7

    The venerable Remote Desktop Connection Manager (RDCMan) 2.2 was starting to show its age. 

    After a slight hiatus, RDCMan 2.7 is now available.  Please say thank you to Julian Burger for the early Christmas present.  Remote Desktop Connection Manager (RDCMan) is a great tool to consolidate multiple RDP connections into a single window to prevent desktop clutter.

    RDCMan 2.7 supports Windows 8, 8.1, Server 2012 and 2012 R2.

    RDCman 2.7 Download

    The tool can be obtained from the Microsoft download centre

     

    Installation Pointers

    There are a couple of things worth noting about the tool:

    It will install into the x86 Program Files folder on a x64 machine: 

    C:\Program Files (x86)\Microsoft\Remote Desktop Connection Manager

    Do not save your custom RDG files in the installation folder, just in case your local workstation dies and the file is gone. I always keep my .RDG files in a  subfolder of My Documents, which is a redirected folder to a file server. 

    The RDG files are portable, and you can share them within your organisation.  For example, when you get a new admin give them a copy of the RDG files and they are able to review your list of servers and get connected easily – assuming they have the permissions….

    The help file is located in a sub directory called Resources,  - unsurprisingly this is called help.htm

     

    2.7 Fixes & Features

    From the above help file.  Please review the help file for details. 

    New features

    • Virtual machine connect-to-console support
    • Client size options come from the application config file (RDCMan.exe.config) rather than being hard-coded.
    • View.Client size.Custom menu item shows the current size
    • View.Client size => From remote desktop size
    • Option to hide the main menu until Alt is pressed. Hover over the window title also shows the menu.
    • Added Smart groups
    • Support for credential encryption with certificates
    • Better handling of read-only files
    • Added recently used servers virtual group
    • New implementation of thumbnail view for more predictable navigation
    • Thumbnail view remembers scroll position when changing groups, etc.
    • Performance improvements when loading large files
    • Allow scale-to-fit for docked servers (Display Settings.Scale docked remote desktop to fit window)
    • Allow scale-to-fit for undocked servers (Display Settings.Scale undocked remote desktop to fit window)
    • "Source" for inheritance in properties dialog is now a button to open the properties for the source node.
    • Focus release pop up => changed to buttons, added minimize option.
    • Added command-line "/noconnect" option to disable startup “reconnect servers” dialog
    • Session menu items to send keys to the remote session, e.g. Ctrl+Alt+Del
    • Session menu items to send actions to the remote session, e.g. display charms
    • Domain="[display]" means use the display name for the domain name.

     

    Bugs fixed

    • Application is now DPI aware
    • Undocking a server not visible in the client panel resulted in the client not being shown in undocked form.
    • Ctrl+S shortcut didn’t work at all. It now works and always saves, even if there are no detected changes to the file.
    • Shortcut keys didn’t work when focus was on a thumbnail.
    • Add/delete profile in management tab. In same dialog instance, profiles are not updated. Similarly adding a new profile from combo doesn’t update the tab.
    • Window title was not updated when selected node is removed and no new node selected (open a file, close the file.)
    • Connect via keyboard didn’t always give focus when it should.
    • Connected Group would always show itself upon connecting to a machine, regardless of setting.
    • Selecting a built-in group then hiding via menu option didn’t work properly.
    • Editing server/group properties did not always mark a file as changed.
    • Non-changes could result in save prompts at exit. This should no longer happen.
    • Activating the context menu via the keyboard button was not always operating on the correct node.
    • Changing a server/group name doesn’t change window title if the server/group is currently selected.
    • ALT+PAGEUP and ALT+PAGEDOWN hotkeys were switched. This is fixed for new installs—for existing files you’ll want to change on the [Tools.Options.Hot Keys] tab.
    • /reset command line option wasn’t resetting all preferences
    • “Server Tree” option from “Select server” focus release dialog didn’t show the server tree if it was hidden.
    • New file directory now defaults to “Documents”.
    • ListSessions dialog sometimes popped up in a weird location. Now placed within the main window

     

    Finally and most importantly, please say a big thank you to Julian Burger the developer who wrote this and David Zazzo for working to get the tool released initially!!

     

    Cheers,

    Rhoderick

  • Retrieving Cluster Error 1135 From Servers

    In some of the recent posts you will have noted that there have been some issues with VMware, and also network cards dropping packets in packets received discarded.  One symptom of this is that nodes will be removed from the cluster and EventID 1135 is logged into the System log.  EventID 1135  states that the Cluster node was removed from the active failover cluster membership.  In Exchange 2010/2013 this impacts the Database Availability Group (DAG) as the databases will be moved off that server. 

    This is not good, and is something that warrants investigation.  

    To facilitate this I wrote a quick script to review the number of EventID 1135 on Exchange servers in a DAG. 

    Get 1135 Cluster Errors

    The script is available in the TechNet gallery

    It will loop through all Exchange 2010 servers that have the mailbox role, and for each of these servers then determine how may 1135 errors are present in the system event log.  The default value is to search back for the past 90 days.

    As noted in this post for filtering PowerShell, you can edit the query to select different Exchange servers.

    In order to try and improve performance a FilterHashTable was used rather than Where-object:

    $Events = Get-WinEvent -ComputerName $ExchangeServer.Name -ErrorAction silentlycontinue -FilterHashtable @{logname='system'; ID=$EventIDToSearch; StartTime=$SearchDate}

    The output data is saved into an array called $Output.  You can edit the script to choose where the data is displayed.  Either directly under each server as it is queried, at the end of processing or to a CSV file.  By default the other are REMMED out, and the contents of $Output are written to a CSV in the directory where the script is executed from. 

    Comments and feedback are always welcome!

     

    Cheers,

    Rhoderick

  • Critical Schannel Vulnerability - MS14-066

    Not So Happy Security WidgetIn the November 2014 security bulletin there were 14 updates released.  The updates resolved security issues in IE, OLE and Schannel.  It is the latter that is worth calling out for attention since this is the basis of the Microsoft implementation of SSL. Exchange makes heavy use of SSL, and is typically connected to the Internet.

    You can read about the other security details in the security bulletin summary.  CVE also has an entry for the issue.

     

    MS14-066 / MS014-066 is pernicious for several reasons:

    • It applies to all supported versions of Windows from Vista to  2012 R2
    • Server core is affected (though Exchange is not supported on server core)
    • There are no Microsoft workarounds
    • There are no Microsoft mitigating factors
    • To mitigate the risk you must patch
    • The vulnerability allows remote code execution.

     

    Update 16-11-2014:  KB 2992611 has information on known issues.

    Update 18-11-2014: V2 of the bulletin was released.  Details from the update:

    Reason for Revision: V2.0 (November 18, 2014): Bulletin revised to announce the reoffering of the 2992611 update to systems running Windows Server 2008 R2 and Windows Server 2012. The reoffering addresses known issues that a small number of customers experienced with the new TLS cipher suites that were included in the original release. Customers running Windows Server 2008 R2 or Windows Server 2012 who installed the 2992611
    update prior to the November 18 reoffering should reapply the update. See Microsoft Knowledge Base Article 2992611 for more information

     

    As of writing, the MSRC and other security assets do not report that there attacks in the wild since the issue was responsibly disclosed to Microsoft. However it is only a matter of time….

     

    Call To Action

    Test, Validate And Install this update ASAP

    There are other security issues also resolved by this month’s security releases.  For example in TCP/IP which is MS14-070 / MS014-070.  The TCP/IP vulnerability is an elevation of privilege, whereas the Schannel vulnerability allows remote code execution.

    Both are not good, so please let’s get our servers patched and protected!

    Cheers,

    Rhoderick

  • Windows 10 Poor Graphics Performance

    Since there will be a good few folks running Windows 10 who subscribe to the RSS feed, I though it would worthwhile sharing a recent issue I had with my Windows 10 laptop.  This is a Lenovo W530 with ample CPU, SSD and video card performance.  It should run like a beast, but the recently the graphics performance was terrible.  Clicking around between windows took seconds, and searching for applications on the start screen took 5 – 10 seconds.  It felt that glaciers were moving faster than this…

    There have a couple of recent Windows Update driver releases for both the Nvidia and Intel cards.  Both were installed.  Prior to installing these driver updates, the video performance was OK.  

    After upgrading to Windows 10 I had to go into the BIOS and tweak the display settings to stop the laptop from changing settings on the fly.  All was good and done at that point, well apparently not.

    Turns out that there is a setting to allow the driver to revert the BIOS change that I’d just made, and since I had not locked the setting down it got changed and my performance suffered. 

    This is not a brand new issue with Nvidia Optimus solutions.  For example take a peek here for some of the reasons behind why the two cards are used and why this also affects older models such as the W520.

     

    Changing UEFI Settings

    Since the laptop is UEFI based, I initiated the boot to hardware settings from Windows.  The full steps with screenshots are below for reference purposes.

    Windows key + C brings up the charm from the start screen.  Click settings then change PC Settings in the lower right hand corner.  Then from Update and Recovery chose the Recovery  menu option, and then Advanced start-up on the right hand pane.   The machine will restart. 

    Depending upon what hardware you have the BIOS setup options will vary.  This is from a Lenovo W530.  On the Config tab, select display:

    lenovo Thinkpad BIOS - Display Settings

    The graphics device setting provides three options: 

    1. Integrated Graphics
    2. Discrete Graphics
    3. NVIDIA Optimus

    This is the setting that I had previously changed, and told the laptop to use the discrete option.  Job done!  Well, actually no because of the very next option.  Which I totally ignored the first time around…..

    lenovo Thinkpad BIOS - Display Choices

    What is this option?  You can see it highlighted here, with a blurb on the right hand side.  From what I see this is Enabled by default.  This is what allowed the setting to be reverted.

    This time around let’s disable it and lock in the option that we want.

    lenovo Thinkpad BIOS - Disabling NVIDIA Optimus

    Hopefully this provides some relief for those with slow displays.

     

    Do leave a comment to say if it helped or not!

     

     

    Steps to Restart UEFI Machine To Setup Options

    Restarting To Reboot Into UEFI BIOS

    You will then get something similar to the below.  This is Taken from a Windows 10 Preview installation.  Click the Advanced options

    Reboot Into UEFI BIOS - Choose Advanced Options (Please ignore the solar flare)

    Then troubleshoot:

     Reboot Into UEFI BIOS - Choose Troubleshoot

    Then the UEFI Firmware Settings.  Then select restart. 

    Reboot Into UEFI BIOS - Choose UEFI Firmware Settings

    You will now be in the setup screen, and can follow the steps above.

     

    Cheers,

    Rhoderick

  • Disabling IPv6 And Exchange – Going All The Way

    When we are performing the Exchange Risk Assessment, one of things PFE love to check is how servers have been configured for IPv6.  There have been numerous occasions where we have found servers whose admin has said that they have disabled IPv6, but when you look at the server it is not really disabled. 

    When we take a look at the Exchange server, the initial clue is that the network card’s TCP/IPv6 configuration looks like this, where IPv6 is unselected from the NIC. 

    IPv6 Unbound From Network Card

    There seems to be a belief that the simple act of clearing this ticky box disables IPv6 on the server.  That is not the case.  If we check the IP information we quickly see something like this:

    IPv6 Components Still Enabled With IPv6 Unbound Fron Network Card

    ISATAP is part of the IPv6 protocol stack, so IPv6 is blatantly not disabled on this box…..

    This is pretty frustrating, as this is a well documented process and a quick search using one’s favourite search engine quickly shows the steps required. 

    But let’s ask if IPv6 really should be disabled. 

     

    Stop, Hammer Time!

    As Joseph Davies  very eloquently said back in 2009 :

    It is unfortunate that some organizations disable IPv6 on their computers running Windows Vista or Windows Server 2008, where it is installed and enabled by default. Many disable IPv6-based on the assumption that they are not running any applications or services that use it. Others might disable it because of a misperception that having both IPv4 and IPv6 enabled effectively doubles their DNS and Web traffic. This is not true.

    From Microsoft's perspective, IPv6 is a mandatory part of the Windows operating system and it is enabled and included in standard Windows service and application testing during the operating system development process. Because Windows was designed specifically with IPv6 present, Microsoft does not perform any testing to determine the effects of disabling IPv6. If IPv6 is disabled on Windows Vista, Windows Server 2008, or later versions, some components will not function. Moreover, applications that you might not think are using IPv6—such as Remote Assistance, HomeGroup, DirectAccess, and Windows Mail—could be.

    Therefore, Microsoft recommends that you leave IPv6 enabled, even if you do not have an IPv6-enabled network, either native or tunneled. By leaving IPv6 enabled, you do not disable IPv6-only applications and services (for example, HomeGroup in Windows 7 and DirectAccess in Windows 7 and Windows Server 2008 R2 are IPv6-only) and your hosts can take advantage of IPv6-enhanced connectivity.

     

    Exchange 2007, 2010, and Exchange 2013 support IPv6 with the details for each release contained within the documentation for the relevant product.  Note that a dual stack configuration is required.  In other words, for IPv6 to be supported IPv4 must also be enabled. 

     

    Disabling IPv6

    As discussed in KB 929852 the IPv6 configuration can be tuned or disabled via the registry.  This is the DisabledComponents entry which is located here:

    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip6\Parameters

    Setting DisabledComponents to 0xff disables all IPv6 components except the IPv6 loopback interface. This value also configures Windows to prefer using IPv4 over IPv6 by changing entries in the prefix policy table

    REG.exe query HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip6\Parameters /v DisabledComponents
     

    One thing to note is the value specified above for DisabledComponents. It is 0xFF and not 0xFFFFFFFF. Why you may ask as 0xFFFFFFFF was what was documented, no?

    Well yes it was, but it transpires that this adds a 5 second delay to the boot process. Way back with Vista 0xFF was the value used, and the documentation got out of alignment.

      

    Concluding Notes

    Unless there are specific reasons for disabling IPv6 please do not do it.  Microsoft tests Exchange with both IPv4 and IPv6 enabled, i.e. the default configuration. 

    One common theme you will pick up from my blog posts, is that walking the most frequently trodden supported path is a good thing since issues are less likely to crop up.  If an issue does occur, then the priority of a fix being quickly developed is very high.  Corner cases will get less priority and this can cause the fix to be delayed. 

    Please follow the official documentation and KB articles to disable or optimise the IP stack. 

    If there is a business case for disabling IPv6 then do so using the above procedures.  For example there is a case for disabling specific IPv6 features in an Exchange 2007 and 2013 coexistence environment as discussed in KB 2794253

     

    Cheers,

    Rhoderick

  • TechEd Europe Lync Sessions To Go Do

    TechEd Europe starts tomorrow!  It is being held again in the beautiful and amazing city of Barcelona.  You can be sure that TechEd will deliver lots of great product news and information. 

    Barca!You can use the catalog to review all of the sessions, but I wanted to call out a couple of particular interest.  

    The below sessions are being delivered by two of my Canadian colleagues, and internally within Microsoft these sessions have received great feedback, so please add them to your schedule and go get some great Lync content and advanced knowledge.   

     

     

     

    OFC-IL300 Configuring High Availability and Disaster Recovery in Microsoft Lync Server 2013

     

    OFC-IL301 Lync & IIS ARR - What, me TMG?

     

    Connect and meet up with James and Matt, they are amazing guys and I’m very fortunate to have them as colleagues.  Feel free to ask Matt why he loves Yamaha motorcycles, and ask James what makes him happy every day!

    James Parkes - Lync Deity

        Matt Alberga - Lync RockStar

    It seems like a long time since I was last in Barcelona, and it was.  That would have been TechEd 2001, and the memorable UK breakout party still makes me smile.

    Cheers,

    Rhoderick

  • Doh! Windows Update Has Navigation Tabs

    Windows Update is a very important feature in the newer builds of the OS.  If we think back to the NT 3.5/4.0 days the process to obtain updates was very different.  Just to obtain a hotfix you needed to call in, provide credit card details and then obtain the update.  How times have changed!  And for the better!

    This post is one of those Homer moments.  When you realise for the last few years you been doing something somewhat silly! 

     

    Windows Update Screen

    We should all be familiar with the Windows update screen shown below:

    Windows Update - Pending Updates

    In this example we have 15 Important updates to install:

     

    Windows Update - 15 Pending  Important Updates

    And  1 Optional update:

    Windows Update - 1 Pending  Optional Update

     

    How I used To Roll

    Previously I would just click the Optional link as shown in the very first image above.   I'd then tick the relevant updates as it then installs the optional update{s}  and the  important ones.  Clicking the Important link would show those updates and I could never find a way to get back to the Optional ones as clicking Install, will immediately go off and install whatever is currently selected. 

    What I never realised, until last month, was that I can navigate between the two tabs. DOH!

     

    How I Roll Nowadays

    In the left hand side of the window the Important and Optional updates are actually on separate tabs.   This is the highlighted area in the below screenshot. 

    Windows Update - Tab Navigation

    What this means is that you can toggle between then and select the appropriate updates.  When you have chosen the appropriate update then you can click install. 

    How did I ever miss that……??

     

    Cheers,

    Rhoderick

  • Windows 10 Hyper-V Error 0x80070780 – File Cannot Be Accessed By The System

    Last week after showing a client some of new features in Windows 10, they went off and upgraded a laptop to the preview from Windows 8.1.  Initially all seemed to go well.  That is until they tried to start up VMs on their SSD drive.   At that point Mr Sad & Grumpy came to visit. 

    They were getting errors such as:

    • VMName failed to start
    • Microsoft emulated IDE controller failed to power on with error “The file cannot be accessed by the system”
    • Error 0x80070780

    Windows 10 Hyper-V Error 0x80070780 File Cannot Be Accessed By The System

    Looking at the details they saw Error 0x80070780.   That is a fairly generic file system error.  Doing a quick search provided no immediate clues.    Please note the image above has been edited and redacted to remove some customer identifiable information. 

    Uh oh Shaggy, it's now troubleshooting time!

     

    Troubleshooting – Step 1

    Creating a brand new VM, and then powering it on worked perfectly.  There were no issues, and everything worked as expected.    This proves that the hypervisor is loaded and is functioning correctly.

    All of the original VMs continued to experience an error.  We could see all of the files on disk, and superficially at least everything looked OK. 

     

    Troubleshooting - Step 2

    Now that we knew the hypervisor is OK, we went back and reviewed all of the Hyper-V event logs.  That did not provide sufficient detail to fully understand the issue.  Then we went back to the 0x80070780  error.  What was making that error fire?

    A mini Spanish inquisition then ensued!  *

     

    Eureka

    During a barrage of questions, we quickly discussed multiple topics.  This ranged from SSD firmware issues, previous issues with the SSD drive and also what was the history with that particular laptop.  Then there was an epiphany!

    The clue is that the VMs were on an SSD.  This was a small 64GB SSD, and you could image that 64 GB is not a lot of space in today’s world.  To get more VMs onto this small SSD they had followed some of the unsupported 3rd party blog postings on the Internet to install the Windows Server 2012 R2 dedupe feature onto their Windows 8.1 machine. 

    This is not a supported scenario.  When Windows 8.1 was upgraded to Windows 10, the installer does not expect to find the server dedupe feature so it was removed.  All of the VMs that had been deduped were now inaccessible since Windows had no way to understand how to access them. 

    They were able to get access to the VMs by again following unsupported 3rd party blog posts to re-add the Windows 10 server dedupe bits. 

    In this case the admin got a fright, and managed to regain access to their VMs.  However this should be used as a case in point where Microsoft support would not have been able to fully help since this is not a supported scenario. 

    Please note installing the Windows Server dedupe feature onto client builds is not supported

    Cheers,

    Rhoderick

    * No cushions or comfy chairs were harmed during the making of this blog post.

  • Windows 10 Preview - VMs Missing In Hyper-V Manager

    After updating my Windows 8.1 machine to the Windows 10 preview, some of my VMs were no longer visible in the Hyper-V Manager.  Prior to powering on some VMs, all of them were visible.  After powering on, some VMs disappeared in the Hyper-V Manager console. 

    In the screen shot below, there should be 10 VMs displayed which have the prefix of “HA”.

    Honest Guv, There Really Are More VMs.....

    Restarting the Virtual Machine management service made no difference.  The VMs that were not displayed remain in that state, i.e. hidden.

    But they are certainly there! Looking in PowerShell using Get-VM showed all the VMs:

    PowerShell Shows All VMs

    They were still manageable via PowerShell. 

    Get-VM | Where {$_.State –eq “Running”}

    Save VM State Using PowerShell

    If they were saved using PowerShell, then they appear in the GUI once again:

    Get-VM | Where {$_.State –eq “Running”}  | Save-VM

     

    After they had been saved, simply refreshing the Hyper-V Manager made them all re-appear.

    Now You See Them - All VMs Are Visible When They Are Saved

    If the VMs were started up again, some of them would “stick” at the starting phase.  This is highlighted in the screenshot blow.

    Why Is This VM Stuck In the Starting Phase?

    Despite being marked with a status of “Starting” all VMs were all successfully started and were fully accessible.  Refreshing the Hyper-V Manager would then cause VMs to again disappear. 

     

    OK – what is up with that VM?  Why is it saying it is stuck starting, but the VM is actually running?  Why is it not reporting it is in a happy place?

     

    Checking VM Integration Services & Heartbeat

    If we look at the VM Integration Services, there is a difference between a VM that is happy and the one that was stuck in starting phase.  Note the highlighted areas below:

    Get-VMIntegrationService –VMName “VMName”

    Comapring A VM Stuck In Starting With One That Transitions As Expected

    Digging deeper, how does the VM heartbeat appear for these VMs?

    Get-VM  HA* | Select Name,  Heartbeat

    Using PowerShell To Check VM Heartbeat

    As indicated with the big red arrow, there is a bit of a difference…..

     

    Fixing This Up

    In the Windows 10 Preview, there is currently an issue if the VM heartbeat is reported as unknown.  In this case, VMs do not appear in the Hyper-V Management console.

    To workaround this issue, disable the heartbeat for these VMs.  The following command will disable the heartbeat for VMs that have a status of “OKApplicationsUnknown”.

    Get-VM  | Where {$_.Heartbeat -eq "OkApplicationsUnknown"} | Disable-VMIntegrationService Heartbeat

    After running the above command and refreshing the Hyper-V Manager the VMs are now visible!  The naughty VM listed above is now in the running state and all is good!

    Windows 10 Hyper-V VMs Now Visible

    Please remember that this is the initial preview of Windows 10, and that this article was written specifically for the preview.

    Cheers,

    Rhoderick

  • Office 2010 SP2–You Did Upgrade, Right?

    Six months ago, we discussed that Office 2010 SP1 support was drawing to a close.  This means that you now need to have Office 2010 SP2 deployed on all machines as the end of Office 2010 SP1 support is the 14th of October 2014. 

    Office 2010 Support Lifecycle Dates

    The Microsoft support lifecycle site has the above details.

    One thing to note here!  Since I am focussed on messaging, the main thingy in the Office stack that I work on is Outlook.  But note that there is not an Outlook 2010 service pack.  This is the OFFICE 2010 service pack.  Why is this important?  Well this means assessing the impact of updating all of the installed Office 2010 bits and ensuring compatibility with your various applications and services.  This is worth mentioning as it can be no small task to do so in a large enterprise environment, and those customer will have been planning this install for months!

    While we are discussing Outlook 2010 specifically here, the same holds true for all products covered with the Microsoft support lifecycle.  Please sign up for the Microsoft Support Lifecycle Quarterly Update Newsletterto stay abreast of supportability dates and ensure you get the support you deserve!

    Cheers,

    Rhoderick

  • How To Check Exchange Autodiscover SRV Record Using Nslookup

    Generally the Exchange external Autodiscover DNS entity is configured as a regular A record.  Sometimes a service record (SRV) is used instead.  Since I have the habit of forgetting the syntax of quickly querying for the SRV record, this is one of those shared bookmark posts!

    Nslookup is the tool of choice here!  It's documentation can be found on TechNet.

     

    There are two ways to run nslookup – interactive and noninteractive.  Noninteractive is good when you know that you only want to query a single piece of data.   Let’s take a peek at an example of each.  We will check for the _autodiscover SRV record in the Tailspintoys.ca domain.  The record points to a host called autod.tailspintoys.ca.  The full format of this record is:

    _autodiscover._tcp.tailspintoys.ca

    For more reading on SRV records, take a peek at this article.  And for Autodiscover in general please review this post

     

    Nslookup – Noninteractive

    Open a cmd prompt and run

    nslookup -q=srv _autodiscover._tcp.tailspintoys.ca

    You should see the below output.  Note that the svr hostname will be the Autodiscover target.

    Using Nslookup In NonInteractive Mode To Query For Exchange Autodisocver SRV Record

    In this example we launched Nslookup in noninteractive mode.  The query type is set to SRV and then we checked for the _autodiscover._tcp.tailspintoys.ca record.

    Nslookup - Interactive

    Open a cmd prompt and run:

    1. nslookup
    2. set q=srv
    3. _autodiscover._tcp.tailspintoys.ca

    Using Nslookup In Interactive Mode To Query For Exchange Autodisocver SRV Record

    In this example we launched Nslookup in interactive mode, so we can interact with it.  The query type is set to SRV and then we checked for the _autodiscover._tcp.tailspintoys.ca record.

     

    Reference – Autodiscover Exchange SRV Record Configuration

    For reference purposes, the steps to add a Autodiscover SRV record will be something like the below.  They are intended to be general so please follow any specific notes or items for the DNS registrar you are using!

     

    In your DNS zone editor ad a SRV record with the following information:

    • Service _autodiscover

    • Protocol _tcp

    • Name   Enter one of the following values:

      • Enter @ if your registered domain is your cloud-based domain. For example, if your registered domain is contoso.com and your cloud-based domain is contoso.com, enter @.

      • Enter the subdomain name if your cloud-based domain is a subdomain of your registered domain. For example, if your registered domain is contoso.com, but your cloud-based domain is the subdomain test.contoso.com, enter test.

    • Priority 10  (or as per your design)

    • Weight 10  (or as per your design)

    • Port 443

    • Target server.contoso.com   (in the example above this was autod.tailspintoys.ca)

    • TTL   Verify that an appropriate TTL is selected, 1 hour is a common default.  (If you are approaching a migration, this should be decremented to allow for quicker cutover)

     

    In addition to the SRV record pointing us to the correct location, we also have to ensure that there is a valid certificate installed which is published to the Internet.  This could be something as simple as a NAT rule with the appropriate firewall rule for TCP 443 or it could involve TMG or a load balancer's APM. 

    The choice as they say - is yours!!

    Cheers,

    Rhoderick

  • How To Run Manual DirSync / Azure Active Directory Sync Updates

    Depending upon the version of the sync solution that you are using to replicate directory data from on-premises Active Directory to Office 365 there are different commands that you will need to use.

    We can see a listing of the DirSync versions on the TechNet wiki.   And for AAD Sync, the version listings are on MSDN.

     

    Azure Active Directory Sync Services (AAD Sync)

    In September 2014 the Microsoft Azure AD Sync tool was released.  This changed how manual sync requests are issued.

    To perform a manual update we now use the DirectorySyncClientCmd.exe tool.  The Delta and Initial parameters are added to the command to specify the relevant task. 

    This tool is located in:

    C:\Program Files\Microsoft Azure AD Sync\Bin

     

    The steps to migrate from DirSync to AAD Sync are listed here.

     

    Windows Azure Active Directory Sync -  June 2014 Build 6862 Onwards

    With build 6862 the PowerShell module has moved.  The location for this module is now:

    C:\program Files\Windows Azure Active Directory Sync\DirSync\ImportModules,ps1

    To allow us to execute the Start-OnlineCoexistenceSync cmdlet we can either:

    • Open Windows PowerShell and run Import-Module DirSync
    • Open Windows PowerShell, and run the Import-Modules.ps1 file listed above.

     

     

    Windows Azure Active Directory Sync – April 2014 Builds Older Than 6765

    In the older builds of DirSync, we would use the DirSyncConfigShell.psc1 that was located in:

    C:\Program Files\Windows Azure Directory Sync

    or

    C:\Program Files\Microsoft Online Directory Sync

     

     

    Cheers,

    Rhoderick

  • Awareness – Is Your Federation Trust Metadata Updated?

    Imagine the scenario -- all is working well with your Office 365 hybrid solution until you come into the office tomorrow morning and you get calls saying on-premises users are unable to see the free/busy information for mailboxes in Office 365.  While this sounds like a bad dream, this reality could come true tomorrow morning, so let’s to check to make sure that this does not happen!

    The background here is that there is a planned change to the Microsoft Federation Gateway (MFG).  A certificate is being updated which means customers with a federation trust to the MFG must refresh their configuration so that they are aware of the new certificate.  While this will affect Exchange hybrid deployments, it will also affect on-premises deployments that have a trust to the MFG. 

    Exchange 2013 SP1 systems installed onto Windows Server 2012 will automatically update themselves, but previous versions of Exchange will not.  The same is true for Exchange 2013 installed onto Windows Server 2008 R2.  Either you do this manually or create a scheduled task to periodically do this work for you.  The steps to create the scheduled task are in the link to the planned change. 

     

    Update 31-10-2014: Added nuance above to call out that manual work will be needed when Exchange 2013 is installed onto Server 2008 R2.

     

    Updating FederationTrust Metadata

    The steps to update the MFG metadata are straight forward.  Open the Exchange Management Shell and run:

    Get-Federationtrust | Set-FederationTrust –RefreshMetadata

     

    In the example below,  the optional –Verbose option was added:

     

    Testing Federation Trust

    We can use the Test-FederationTrust cmdlet to validate the Federation Trust to the MFG.

     

    This is before updating the metadata:

    Running Test-FederationTrust Before Updating Metadata

     

    After Get-Federationtrust | Set-FederationTrust –RefreshMetadata  was executed this is the result:

    Running Test-FederationTrust After Updating Metadata

     

    Test CAS User Required To Run Test-FederationTrust Cmdlet

    If you have not created the test CAS account to run some of the other test cmdlets or for SCOM, then you will receive the below error:

    Couldn't find object "extest_blahblahblahblah". Please make sure that it was spelled correctly or specify a different object

    Couldn't find object "extest_4ca5fda1c3994". Please make sure that it was spelled correctly or specify a different object.

    This is a test lab with a single mailbox server so I ran the below to create a single test CAS mailbox. 

    Get-MailboxServer | .\New-TestCasConnectivityUser.ps1

    Note that in Exchange 2010 there is only one extest account per AD site. 

     

    Viewing Certificate Details in Federation Trust

    Use the Test-FederationTrustCertificate cmdlet to see the certificates:

    Test-FederationTrustCertificate

    Additionally we can also look at the Get-FederationTrust cmdlet to  see the certificates.  The below screenshots show the certificates before and after updating the Federation Trust. 

    Note that in the screenshot below from prior to updating the metadata, the TokenIssuerPrevCertificate  Expires on the 15th of July 2015.

    TokenIssuerPrevCertificate  Expires on 15th July 2015

    After updating the metadata, the certificates have been changed so that the above TokenIssuerPrevCertificate   certificate has ben replaced:

    TokenIssuerPrevCertificate  Expires on 19th November 2018

     

    Go forth and update your metadata, if you have not done so already!

     

    Cheers,

    Rhoderick

  • Using ADPropertiesOnly With Exchange Virtual Directory Cmdlet Shows False Positives

    Previously we discussed an interesting feature of the Exchange virtual directory cmdlets where they check data stored in AD, rather than making a trip to the server and querying its IIS metabase.  For the details on this, please read the original post here: Slow Response To Exchange Virtual Directory Cmdlets.

    In that article we were using the ADPropertiesOnly switch so that it was very quick to review all of the URL settings on hundreds of Exchange servers.  This worked very well, and saved many hours of waiting for remote servers to respond.

    Then one of my colleagues noticed an issue checking the auth types on the virtual directory, which was initially interpreted as a false positive by the customer.

    In the below example we are running two commands.  The first one is what most folks normally use and then in the second example the ADPropertiesOnly switch is added.

    Get-OWAVirtualDirectory –Server Consea-HT-Cas1 | Select Name, *auth*

    Get-OWAVirtualDirectory –Server Consea-HT-Cas1 –ADPropertiesOnly  | Select Name, *auth*

    Get-OWAVirtualDirectory - Checking Authentication Types Set In Metabase

    Looking at the output closely we can see that there are differences in the output.   For example, look at the BasicAuthentication field.  This is highlighted below to show the difference.

    Highlighted Basic Authentication Line

    When looking at the ADPropertiesOnly line, BasicAuthentication is reported as $False.

    Checking in the IIS console locally on the server, we can see that Basic Auth is present and enabled:

    Basic Authentication Enabled In IIS Console

    The properties in the Exchange 2010 Management console are shown below for this OWA virtual directory.  Note that it shows the default permissions for an Exchange 2010 SP3 box.  Forms based auth is selected, and the tick boxes for integrated windows and basic auth are implicitly enabled.

    Current Authentication Settings In Exchange 2010 Management Console

    What’s up?  Why is ADPropertiesOnly showing $False  for basic auth when basic is enabled?

     

    Caveat Emptor

    Looking at Exchange 2013’s Get-ActiveSyncVirtualDirectory cmdlet, we see the following description for ADPropertiesOnly:

    ADPropertiesOnly switch specifies whether to return only the properties about the virtual directory stored in Active Directory. The properties stored in the Internet Information Services (IIS) metabase aren't returned

    The OWA virtual directory object is stored in the below location in AD’s configuration naming context:

    Dn: CN=owa (Default Web Site),CN=HTTP,CN=Protocols,CN=CONSEA-HT-CAS1,CN=Servers,CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Contoso,DC=com

    The auth properties are listed below for reference, but do not manipulate them directly:

    msExchExternalAuthenticationMethods: 4;
    msExchInternalAuthenticationMethods: 23;

    So we can see that Exchange is able to query against the values stored in AD.  This is returned in the msExchInternalAuthenticationMethods cmdlet out.  However the additional metabase properties are not returned.

    The way this is shown in the cmdlet output using ADPropertiesOnly is with a $False.  Maybe $Null could have been used.

    Either way, the net result is that ADPropertiesOnly works great for those properties that do not require a trip to the metabase and be careful to ensure that you don’t read too much into a false positive result.  Use the attributes that are stored in AD for such comparisons – the ExternalAuthenticationMethods and InternalAuthenticationMethods

     

    Cheers,

    Rhoderick

  • Awareness – Litigation Hold Or In-Place Hold Folder Deletions Not Preserved in Exchange 2013 OWA

    Please be aware of an emerging issue in Exchange 2013 and Exchange Online.  In a delegate scenario it is possible that OWA can be used to delete a folder from the other user’s mailbox and not appear in the Deleted Items section of the recoverable items folder. 

    This is covered in KB 2996477  -- Folder deletions are not preserved for mailboxes put on litigation or in-place hold in Exchange Server 2013 OWA.

    Update 15-9-2014:  Bharat tweeted that the Office 365 fix is being rolled out and CU7 is the target delivery mechanism for on-premises customers. 

    Consider the following scenario:

    • You are using Microsoft Exchange Server 2013 or Microsoft Office 365.
    • In this scenario, you have two users, User A and User B.
    • User A’s mailbox is put on a litigation hold or in-place hold.
    • User B’s mailbox is not put on a litigation hold or in-place hold.
    • User A designates User B as a delegate to User A's mailbox.
    • User B uses Outlook Web App (OWA) to access User A’s mailbox, and deletes a folder from User A’s mailbox or moves the folder to User B’s mailbox.

    In this scenario, the deleted or moved folder items do not appear in the "Deleted Items" section of the Recoverable Items folder.

     

    Please monitor the KB for updates and progress on this issue.

    Cheers,

    Rhoderick

  • Set AdminSessionADSettings ViewEntireForest To True By Default

    In Exchange 2010 the Set-AdServerSettings  cmdlet is used to manage the AD environment in the current Exchange Management Shell (EMS) session.  In Exchange 2007 there was a variable called AdminSessionADSettings  for the same purpose.  Exchange admins normally use the Set-AdServerSettings cmdlet to change a session’s view scope, so that they can see objects in multiple domains.  By default EMS places the focus on the local domain. 

    This can become tedious if we have to change scope at the start of every EMS session. 

    This was exactly the question posed during a recent workshop - How to set EMS so that it will default to the forest?

    Please note: If any issues are caused by changes in the method outlined below, Microsoft support may request that the changes are removed since they are not officially tested or documented by the Exchange Product Group. You are also advised to document the initial settings so any change can be successfully reverted. 

    While we are on the support topic, directly loading the Exchange 2010 and 2013 PowerShell snap-in is not supported except in very specific scenarios.  Those scenarios are documented in release notes and certain KB articles.  The snap-in should not be loaded directly, and a regular remote PowerShell must be used for all normal activities. 

    PowerShell Profile Pandemonium

    PowerShell does have the option to embed commands into the profile so that they are executed when PowerShell is started.  However if you try to add the Exchange 2010 Set-ADServerSettings cmdlet into the PowerShell profile you will receive an error stating that the cmdlet cannot be found.  This is since the remote PowerShell session has not been establish to make the Set-ADServerSetting cmdlet available.  Bit of a chicken and egg situation…

    For completeness sake, this is what some folks will try to do and modify the PowerShell profile.  Please see here for more details on PowerShell profiles you can ask PowerShell by running:

    Get-Help about_profiles | MORE

    If we check the PowerShell $Profile variable, it shows the following location:

    $Profile.PSExtended | Format-List

    Examining Locations For The Different PowerShell Profile Files

    Let’s modify the PowerShell profile that is referenced in the $Profile variable.  This is the one under the user’s documents folder and is the CurrentUserCurrentHost one listed above. 

    Since the folder path does not fully exist, let’s create it and the file with the New-Item cmdlet specifying that it is of type “file”. 

    Creating The PowerShell Profile File

    Then Notepad will open up the file so that we can add the Set-ADServerSettings command.

    Adding Set-AdServerSettings To PowerShell Profile

    Finally we test expecting great results, but what do we see…..

    Adding Set-AdServerSettings To PowerShell Profile Did Not Work Out So Well

    Bah!  Time for plan ‘B’…. 

    Before we move onto plan ‘B’ the above PowerShell profile file should be removed since it does not work.

    Removing The PowerShell Profile File That Was Created

     

    Plan B

    If you view the properties of the Exchange Management Shell shortcut, there are some interesting properties contained within. 

    Examining Exchange 2010 Management Shell Shortcut Properties

    You should see something like so:

    C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe -version 2.0 -noexit -command ". 'C:\Program Files\Microsoft\Exchange Server\V14\bin\RemoteExchange.ps1'; Connect-ExchangeServer -auto"

    What does the above do?  PowerShell is started specifying the version and that it should not exit after completing the command.  The command to execute is the RemoteExchange.ps1 script that lives in the \Bin Exchange directory.  Then there is the continuation character “;” so execution continues and calls one of the functions created by the Exchange scripts “Connect-ExchangeServer”.  As a side note it is these scripts that customise the EMS and provide the Get-ExBlog, Get-Tip and Connect-ExchangeServer functions.  

    Do not modify the Exchange scripts that are signed.  What we can do is shim in an extra command into this shortcut.  Note that the syntax is a little demanding and that the script must be preceded with a “.” prior to the script name.

    Let’s Make an additional Script called StartMeUp.ps1 and place this into the C:\Scripts folder.  This is where the Contoso admins place all of their scripts.  Don’t you?  We will then call StartMeUp.ps1 when the EMS is started.  The properties of the EMS are adjusted like so:

    C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe -version 2.0 -noexit -command ". 'C:\Program Files\Microsoft\Exchange Server\V14\bin\RemoteExchange.ps1'; Connect-ExchangeServer –auto; . ‘C:\Scripts\StartMeUp.ps1’ "

    Please note this is one line, though it may wrap. 

    The contents of the StartMeUp.ps1 file are shown here for reference:

    Set-AdServerSettings -ViewEntireForest $True

    Write-Host
    Write-Host

    Write-Host "Hello Michael, this is KITT.  How are you doing today?" -ForeGroundColor magenta

    Write-Host "Your current ADServerSettings are:"  -ForeGroundColor magenta

    Get-AdserverSettings

    Write-Host

     

     

    When you then open up the Management Shell, now we automatically have the ViewEntireForest Set to $True without having to do anything!

    Exchange Management Shell - Now With ViewEntireForest Set To True By Default And Bonus Magenta Text!

    * - Can you guess what was one of my favourite television programmes from the past?

    One thing to note.  If additional copies were made from the initial EMS shortcut (like a desktop shortcut or pinned to the taskbar) they will likely not have the additional script embedded within them.  You may have to delete and then re-pin to the taskbar.

    Hope this saves you one line of unnecessary typing every day!

     

    Cheers,

    Rhoderick

    * – Bonus points if you can remember the name of the bad prototype of this car!   Hint!

  • Sharing the Registry Editor Favourites Love

    In the previous post on the topic of the Registry Editor’s favourites menu, Andrew Higginbotham was kind enough to point out that there was also an easy way to export the favourites from one machine and import to another.  Since its always good to show how to arrive at a solution, let’s breakdown the process of finding out where this data is squirreled.

    As always we can use the venerable Sysinternals Process Monitor to tell us where the Registry Editor is saving the Favourites data. 

    Brother, Where Art Thou?

    To ensure that we do not capture a load of useless data, we can set a filter in Process Monitor to only show us what regedit.exe is doing.  Click on the filter icon, or use the shortcut of Ctrl + L. 

    In the process Monitor Filter Window add a new filter for process name is regedit.exe

    Process Monitor Filter

    Click Add, and the regedit.exe process is added

    Process Monitor Filter - Include Regedit.exe

    Clear any existing data with Ctrl + X and then make sure the capture is running when we add a test favourite. 

    We should then see that the favourites are stored under

    HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Applets\Regedit\Favorites

    This is shown below in the capture: 

    We Have A Winner - Registry Path Found

    On that line in Process Monitor,right click the entry and choose “Jump to” or use Ctrl + J to scoot directly to the registry location where the data is stored. 

     

    Registry Editor Favourites Saved To This Location

    We can also use another neat shortcut to copy the registry path to avoid typos!  Right click the key, and select Copy key name:

    Lazy And I Know It - Copying Registry Key

     

    We can export the registry data from here to a .reg file, take that to another server and import it, but let’s automate this! 

     

    Automated Export

    Let’s use reg.exe to pull out the data:

    REG.exe EXPORTHKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Applets\Regedit\Favo
    rites
    \\Consea-mb1\stuff\Favourites.reg

    Please note that the above command may wrap and is one line.  You will also note that it is saving the .reg file onto a UNC where we can write to.  This can be your home folder or a share where multiple admins have access and you can all access the same shared favourites from  to streamline your operational tasks.  

     

    Automated Import

    To then load up our export file run

    REG.exe IMPORT \\consea-mb1\stuff\favourites.reg

     

    If you are super keen on the feature, go crazy and add it to your server build process Smile

     

    Cheers,

    Rhoderick