Update your Windows 7 SP1 and Server 2008 R2 SP1

In case you’ve missed it, Microsoft released a roll-up update Hotfix for Windows 7 SP1 and Server 2008 R2 SP1 which includes 90 updates (!) post-SP1 – An enterprise hotfix rollup is available for Windows 7 SP1 and Windows Server 2008 R2 SP1

Here’s a quote from the KB:

This article describes a hotfix rollup for Windows 7 Service Pack 1 (SP1)-based and Windows Server 2008 R2 SP1-based computers. This hotfix rollup contains 90 hotfixes that were released after the release of SP1 for Windows 7 and Windows Server 2008 R2. These hotfixes improve the overall performance and system reliability of Windows 7 SP1-based and Windows Server 2008 R2 SP1-based computers. We recommend that you apply this hotfix rollup as part of your regular maintenance routine and build processes for Windows 7 and Windows Server 2008 R2 computers.
Note This hotfix rollup primarily addresses the issues that occur on domain-joined client computers and servers. Therefore, this hotfix rollup is available only from the Microsoft Update Catalog. You can also install this hotfix rollup on computers that are running Windows 7 SP1 in nonenterprise environments. After you install the hotfix rollup, the performance of the computers may be improved.

stay updated 🙂

ilantz

Office 365 Migration Batch Error – Failed to overwrite the existing Migration Job Item found for “user@domain.com”

Hi Again,

During a simple migration (cutoff) to Office 365 Exchange Online, I’ve encountered a few errors that prevented the migration batch to complete successfully, and wanted to share in case anyone is struggling with them.

  • Active Directory operation failed on AMSPR01A001DC01.EURPR01A001.prod.outlook.com. The object ‘CN=user,OU=tenant.onmicrosoft.com,OU=Microsoft Exchange Hosted Organizations,DC=EURPR01A001,DC=prod,DC=outlook,DC=com’ already exists.

This error states that the migration batch failed to create a new object because that specific name is already taken. sadly enough the value for the CN=xxxx is taken from the alias property of the user/contact/group being migrated from the on-premise server.. and alias is not unique within (most) Exchange deployments.

To Solve this, work with the “alias” property value on your local AD to locate the conflicting objects, work with the results of the migration job and cross-reference until you will eliminate all duplicates of the alias values.

  • Failed to overwrite the existing Migration Job Item found for “user@domain.com” [Mailbox]; the Job Item was created with different Recipient Type [Contact]. You may delete the newly created Mailbox and recreate the actual Contact for user@domain.com.

This error could be a result of your actions to fix duplicates issues, if for some reason the migration batch started with user@domain.com being a contact and that object has changed it will fail to “update/sync” and will continue to expect the original object type which was different in this example a contact.

To solve this Connect to Exchange Online Using Remote PowerShell and work with two commands – Get-MigrationUser and Remove-MigrationUser to remove the incorrect object from the migration batch and then resume it. This will make sure the new (correct) object will be synced successfully. Here’s an example of how to use these commands:

Get-MigrationUser -Identity User@Domain.com | FL

Notice the output here and make sure this is indeed the incorrect object that needs to be removed, and then pipe the output to remove that user from the Migration Batch:

Get-MigrationUser -Identity User@Domain.com | Remove-MigrationUser

Once removed, you can resume the migration again and it should now sync correctly your mailboxes.

Hope this helps !

ilantz

Exchange 2013 Outlook Anywhere Considerations

Hi,

With Exchange 2013 deployments already in place, I’ve wanted to share with you all some “new” behaviors, tips and more to help you prevent headaches and issues 🙂

With regards to two previously posts – Prevent Outlook Anywhere (aka RPC over HTTP) from being automatically configured in Exchange 2007 with autodiscover and also Authentication pop ups and annoyances with Exchange 2007 / 2010 and Outlook Anywhere – this post is some sort of a follow-up.

With Exchange 2013, Outlook Anywhere (aka RPC over HTTP/s) is the default method for Outlook clients connections – that is no more direct RPC connections to the servers for Outlook clients. Exchange 2013 will essentially require you to utilize Autodiscover and Outlook Anywhere to actually get your Outlook client connected. This is the main reason for writing this post. This information will come useful if you are getting ready or already started to deploy Exchange 2013, I’ll try to keep it simple and write this down as a list of things to consider so this will be rather easy to all.

  1. If you followed my post about how to prevent Outlook Anywhere from being configured and removed the EXPR outlook provider, start with restoring it. Run the following powershell command to restore it:
    New-OutlookProvider -Name:EXPR
  2. If you’re using any additional methods to configure Outlook Clients or Outlook Anywhere like, static XML files, Registry settings or Group Policy settings make sure to revise or even remove them. See also http://support.microsoft.com/kb/2212902
  3. Pay attention to publishing guides for Exchange 2013 – see Publishing Exchange Server 2013 using TMG and also Exchange 2013 Client Access Server Configuration
  4. When enabling Outlook Anywhere on Exchange 2013 notice the following:
    1. Retain the current External authentication method (Basic,NTLM) your internal authentication method should always be NTLM.
      Get-OutlookAnywhere –Server (hostname) | Set-OutlookAnywhere -InternalHostname "mail.domain.com" -InternalClientAuthenticationMethod Ntlm -InternalClientsRequireSsl $true -ExternalHostname "mail.domain.com" -ExternalClientAuthenticationMethod Basic -ExternalClientsRequireSsl $true -IISAuthenticationMethods NTLM,Basic -ssloffloading:$false
    2. Enable NTLM on the IIS /rpc directory of your Exchange 2007/2010 servers
      Get-OutlookAnywhere | ?{ $_.AdminDisplayVersion -notlike "Version 15.*"} | Set-OutlookAnywhere -IISAuthenticationMethods NTLM,Basic
  5. Plan the CertPrincipalName value you will use, that is the certificate Subject Name that your clients will use to populate the msstd:server.domain.com value – both internally and externally (reminding you to see the note above). My personal best practice is to use the same Subject Name on the certificate you will use on your External TMG/UAG/Juniper/F5 reverse proxy and your internal server or servers.
    Once you are aware of this value you can configure your Outlook Provider accordingly (you can refer to this post for more information on the subject).
  6. If you installed a wildcard certificate on your Exchange 2013 server – you must perform the following:
    1. Update your EXPR setting – Set-OutlookProvider EXPR -CertPrincipalName msstd:*.company.com
    2. Update your EXCH setting (yes!) – Set-OutlookProvider EXCH -CertPrincipalName msstd:*.company.com
  7. Don’t freak out when you see Exchange 2013 “new” server name – it’s value is actually the Mailbox GUID value, and will be unique for all users. This means that – you must use the Autodiscover wizard to configure outlooks from now on, Email, password and click next.
    If you have full mailbox access to a different mailbox – that’s great- just type it’s email address and enter whatever you want for password. (will work only inside the LAN…)
  8. Don’t forget to update your Outlook clients – or else they will not connect to Exchange 2013 – see Exchange 2013 System Requirements for the exact information.

That’s it for now, while deployments continue I will update this topic with new “gotchas”.

Hope this helps anyone out there.
Ilantz

Missing Microsoft-Server-ActiveSync and OMA virtual directories in IIS and Active Directory with Exchange 2003

Hi Again,

I’ve encountered a situation today with an Exchange 2003 to 2010 migration, The Exchange 2003 Back-End server was missing the virtual directories in IIS, but this issue had an interesting twist … both vdirs were missing also in the Active Directory !

Missing or corrupt virtual directories with Exchange are common and can be easily solved with KB 883380 – How to reset the default virtual directories that are required to provide Outlook Web Access, Exchange ActiveSync, and Outlook Mobile Access services in Exchange Server 2003

Exchange Server setup creates each virtual directory in the AD forest configuration partition under services, microsoft Exchange, administrative groups, administration group name, server name, protocols, http, virtual server name (usually 1).

In this case, both ActiveSync and OMA virtual directories were missing from Active Directory and as a result were also missing from the System Manager MMC, so performing a Repair Setup or the Reset virtual directories method will render useless.. both will not write anything new to the AD.. we had to re-create the two virtual directories both in AD and the IIS, so using System Manager, we try to create a new virtual directory, but the ActiveSync and OMA is greyed out !

Microsoft-Server-ActiveSync and  OMA Missing From Active Directory

Creating New Virtual Directory With System Manager Grayed out

With some searching I’ve reached a solution that worked perfectly (dated back to 2007 from the Microsoft Exchange newsgroup), this will enable the options within the System Manager and allow us to re-create the virtual directories and restore order 🙂

1. Using ADSIEDIT locate the Exchange 2003 server container – services, microsoft Exchange, administrative groups, administration group name and right click the server name to open it’s properties.
2. Locate the Heuristics attribute and note the current value (just in-case…) our value in this case was 805310468.
4. Change the value to 270012416 , click apply and ok.
5. Refresh the Exchange System Manager or close and re-open it.
6. Now, locate the server name within the tree, expend it, expend protocols, expend HTTP, expend the virtual server name and right click to create a new Virtual Directory. You should now be able to recreate the Microsoft-Server-ActiveSync and OMA virtual directory.

Note – This will also reset your RPC over HTTP and other “server specific” settings that you configured on the server using the System Manager GUI. so make sure to note all configurations under the server properties page and re-enable any changes after setting the value.

Credits – http://microsoft.newsgroups.archived.at/public.exchange.setup/200702/07021815421.html

I hope this helps anyone struggling with this,

Ilantz

The action cannot be completed error using Outlook – Exchange 2010 or Office 365

Hi,

Quick note from the field, if you are moving to Exchange Online / Office 365 you should double check your current office group-policy settings and registry for Outlook.

You should make sure that you did not enable the Closest GC setting, or configured a specific global catalog server with the DS Server registry entries under HKEY_CURRENT_USER\Software\Microsoft\Exchange\Exchange Provider

Both registry values, errors and methods for resolution are located at:

http://support.microsoft.com/kb/2507626 – Error in Outlook: “The action cannot be completed. The Bookmark is not valid”

http://support.microsoft.com/kb/319206 – How to configure Outlook to a specific global catalog server or to the closest global catalog server

And if we are on the subject, it’s also a good practice to make sure the following when moving to Office 365:

  • You do not have Autodiscover related registry settings also – http://support.microsoft.com/kb/2212902 – Unexpected Autodiscover behavior when you have registry settings under the \Autodiscover key
  • Make sure that the “Encrypt data between Microsoft Office Outlook and Microsoft Exchange Server” option under account settings of the Outlook Profile is indeed selected. Office 365 is restricting clients to encrypt MAPI traffic – see the following KB for additional information (originally written for Exchange 2010 RTM) – http://support.microsoft.com/kb/2006508

ilantz

Exchange 2013 Migration Batch Stalled Due To Content Indexing CiAgeOfLastNotification

Hi,

I’ve just encountered this issue during a LAB for migrating Exchange 2010 to Exchange 2013, migration batches were getting stuck in Syncing, in addition I noticed two annoying warning messages in the application log of the server with Event ID 1009 and Event ID 1013 with source MSExchangeFastSearch

I’ve looked in the migration report using:
Get-MigrationUserStatistics -IncludeReport -Identity ilantz@lab.com | fl
......
4/28/2013 7:44:46 AM [EX2013] The job is currently stalled due to 'Content Indexing' lagging behind on resource 'CiAgeOfLastNotification(Mailbox Database
.....

So, indeed the Content Indexing which was failing and keeping the migration back… nothing special here, Exchange 2010 had this issue as well …
Quick search showed a very odd solution to this…

Quoting http://support.microsoft.com/kb/2807668 – Content Index status of all or most of the mailbox databases in the environment shows “Failed”

This issue may occur if the search platform tries to check its membership in a security group that is named “ContentSubmitters.” This group is not created by the search platform or by Exchange Server 2013 and is therefore not usually present. Although the check usually fails silently, without any consequences, an exception sometimes occurs. This causes the search component to fail.

Wow … well 🙂 .. hope this will be fixed with CU2.. go with Method 1 in the KB, worked like a charm here.

ilantz

Microsoft Exchange Web Services Managed API 1.1 Download

Hi All,

Following a workaround mentioned on http://support.microsoft.com/kb/2512023 – “GetUserOofSettings”, “SetUserOofSettings” and “GetUserAvailability” operations do not support Exchange Impersonation on the Exchange Server 2010 SP1 schema

Seems like the EWS Managed API 1.1 download link does not work anymore, and it’s virtually impossible to get a hold of the files on the WEB, so I’ve uploaded the redistributable package here for anyone looking around for it.

Anyway – grab it here: Microsoft Exchange Web Services Managed API 1.1

Hope this helps.

ilantz

Exchange Web Service Managed API 1.1, Download – Microsoft ( Non working download links) :
www.microsoft.com/en-us/download/details.aspx?id=13480
http://www.microsoft.com/downloads/en/details.aspx?FamilyID=c3342fb3-fbcc-4127-becf-872c746840e1

Ammy Admin Error 12007 with Windows 8

Hi again,

I’ve been using Ammyy Admin to support family members and friends for a while now, but since I’ve upgraded to Windows 8, the program seems to fail it’s initial connection to it’s public servers upon start up.

It keeps popping out an error window:

Error {12007} occured while connecting to server “http://rl.ammyy.com”
Would you like to change proxy settings?

Ammy Admin Error 12007 Windows 8

To solve this, just open the Ammyy Admin setting menu and un-check the “Run under SYSTEM account on Windows Vista/7/2003/2008” check-box.

Uncheck Run under SYSTEM account

hope you find this useful.

ilantz

TCP/IP KeepAlive, Session Timeout, RPC Timeout, Exchange, Outlook and you

Update June 21th, 2016 following feedback and a (true golden) blog post by the Exchange Team – Checklist for troubleshooting Outlook connectivity in Exchange 2013 and 2016 (on-premises) I’ve updated the recommended values for the timeout settings, and shortened the article overall for better reading. Do read the post in general, and in topic – check the CAS & Load Balancer configuration paragraphs.


Hi Again,

This post will spotlight networking considerations that are mostly overlooked. I’ve gathered a few of these issues that might brought you here searching for an answer:

  • Outlook is retrieving data from the Microsoft Exchange Server
  • The connection to Microsoft Exchange is unavailable. Outlook must be online or connected to complete this action
  • Sent items are stuck in Outbox or delayed
  • Outlook freezes or stuck when sending a message
  • Event ID 3033 regarding Exchange Server ActiveSync complaining about the most recent heartbeat intervals used by clients
  • Other strange / weird issues “but PING works! / telnet to the port works great!” – my personal favorite

The mentioned issues or symptoms could take place in any network environment, thus more common in complex network setups where multiple devices are protecting / route network traffic. Some typical configurations examples could be one of the following:

  • Outlook Anywhere or RPC over HTTP is being used, servers are protected or published by ISA / TMG / UAG / F5 / Juniper or any other reverse proxy / publishing solutions
  • Exchange servers are located behind a firewall, router or other network device
  • Clients / Remote clients are located behind a firewall, router or other network device (just to be clear on that…)
  • Exchange servers are being load-balanced with an external physical / virtual appliance

If you’ve read this post up until here and got disappointed because the above does not fit your issue, I’d like to suggest reviewing other RPC troubleshooting topics that might help Troubleshooting Outlook RPC dialog boxes – revisited or Outlook RPC Dialog Box Troubleshooting

Exchange Server traditionally (2000 to 2010) used MAPI over RPC to communicate “natively”, RPC is known to be “sensitive” and that’s why Exchange Server 2013 and beyond allows only Outlook Anywhere (RPC over HTTP) connections from clients which in my opinion is a great change that will simplify future deployments.

Client<>Server connections in general remains active while data “flows” , mails are sent/received etc. but when the connection is Idle, we might have a situation that it will be terminated. Here comes the term KeepAlive – a “dummy” packet that makes sure the connection remain active while no data is flowing and idle.

Here’s my “how-to” suggestion:

  • Configure the RPC timeout on Exchange servers to make sure that components which use RPC will trigger a keep alive signal within the time frame you would expect
    reg add "HKLM\Software\Policies\Microsoft\Windows NT\RPC" -v "MinimumConnectionTimeout" -t REG_DWORD -d 120
  • Consider modifying the server TCP/IP KeepAlive to reduce the chance of “IDLE” connections being terminated – (Default is Two hours – The recommended value is 30 minutes , and no less then 15 minutes) – this controls the OS TCP behavior with idle connections, could greatly improve responsiveness and scalability – http://support.microsoft.com/kb/314053/EN-US
  • Make sure that you are aware of any router, firewall or any other network device that is placed between your clients and your servers. Once you do – note their session timeout, session TTL or session ageing setting for the relevant protocol and port! (this could be tricky, so do not treat this lightly)

The trick for success here is that timeout settings should be configured without overlapping one another while following the client access “path” – for example – Client > FW > Load Balancer > Server:

  • FW timeout TCP/IP timeout – 40 minutes
  • Load Balancer – TCP/IP timeout – 35 minutes
  • Server – TCP/IP timeout – 30 minutes

If additional network devices are placed between the server and your clients, make sure that session timeout settings continue to be configured accordingly.
With today’s security measures, network security has become much more complex. A typical corporate network will implement many different network appliances or software based solutions to secure data, restrict access, prevent attacks and unwanted traffic.
Bottom line – don’t think you are done with network considerations just because “ping works” or an email comes with a statement like “your port is now open”.

I hope this post will benefit others as this issue was and will probably remain common with Exchange and other client / server services.

Don’t get timed out 🙂
Ilantz

Additional useful links and sources of data:

Windows 8 Wakes Up From Sleep or Hibernation Unexpectedly

Hi Again,

I’ve upgraded my desktop to windows 8 lately and since the upgrade I’ve noticed that each time the computer enters sleep mode or hibernation it keeps turning on my itself mysteriously and no apparent reason.

Well…no more!! Here’s the actual line of events that led me to the solution:

  1. Went through some event viewer entries, specifically looking at Power-Troubleshooter and Kerner-General source that did not provide me with anything…
    Event ID 1 Source Power-Troubleshooter Wake Source Unknown
  2. Double checked that no one is touching the mouse or keyboard… 🙂
  3. Made sure that the “Allow wake timers” option is not enabled for the active power scheme
    Allow Wake Timers Set To Disabled
  4. Disabled the “Allow this device to wake up the computer” option on the network card adapter Power Management settings tab – you can query all devices that are allowed using the following command (cmd not PowerShell):
    powercfg -devicequery wake_armedAllow This Device To Wake The Computer Disabled

Only after being frustrated again from the computer still waking up with no apparent reason I’ve noticed that it keeps waking up at around specific times, which led me to the conclusion that it’s probably a schedule task that was waking the computer up !
Seems like there is a Media Center task names mcupdate_scheduled that was causing all the trouble !

Wake The Computer To Run This Task Enabled

So, I’ve written a small PowerShell script to disable the “wake the computer to run this task” option from all scheduled tasks at once, and that did the trick!
This script should work fine with Windows 8 or Server 2012 and might serve as an example for manipulating scheduled tasks with PowerShell.

Get-ScheduledTask | ? { $_.Settings.WakeToRun -eq $true -and $_.State -ne "Disabled"} | % { $_.Settings.WakeToRun = $false; Set-ScheduledTask $_ }

Now my computer sleeps and hibernates without waking up ! ZzzzzzzZzzzzZzzzz

Ilantz

Additional Links:

http://superuser.com/questions/503786/windows-8-desktop-wakes-up-immediately-after-sleep-due-to-keyboard-mouse/522628

http://www.howtogeek.com/127818/how-to-stop-windows-8-waking-up-your-pc-to-run-maintenance/