PDT IT Services Blog Posts

An error caused a change in the current set of domain controllers - Exchange 2010

2010-02-04T21:04:00Z

For the last couple of days, a strange error message comes up whenever I started the Exchange Mgmt Console on my EX2010 server. Even after configuring a "fixed" configuration domain controller (from the EMC/select Server Organization/ on the right hand side "Modify Configuration Domain Controller" option is shown), the error still appeared. No matter what part of the GUI I was going through.

The strange thing was, when I logged on with another administrative account on the same server, I did not get this error. So it must be user related than or what?

As such, I did a new test, by renaming my user profile, re-logging on with the administrator account, and voila, the error message was gone.

After some digging in the profile, I found out the following file, which seemed to be the cause of the problem:

c:\users\<specific user>\appdata\roaming\microsoft\mmc\Exchange Management Console

Rename or delete this file, restart the EX2010 EMC and all errors will be gone.

Cheers,

Peter

Where's the message header in Outlook 2010

2009-12-31T13:31:00Z

As an Exchange consultant, I often rely on the power of the Outlook message header to troubleshoot mailflow issues.

However, where this was rather simple in previous versions (rightclick / Options), not so in Outlook 2010 (beta)

Here are the steps to follow:

- Open your specific mail

- Click "File" in the Outlook menu / Info tab is selected / Properties

- this will show a popup window with the message options in as it was in previous versions

Kind regards,

/Peter

McAfee EPO 4.5 installation issues

2009-12-11T21:35:00Z

Hi All,

I've been losing about an hour during the installation of McAfee EPO 4.5 somewhere this week; As you may already know, that always inspires me to write a blog post about it.

All mcAfee EPO config information is stored in an MSDE/SQL 2005 Express db; however, although SQL 2005 Express was installed on the server, McAfee Installation Wizard couldn't find it. After a lot of searching, reinstalling SQL Express,... I found the solution:

- Go into the SQL Server Configuration Manager / network configurations / select the instance (mine was called EPO)

- Make sure TCP/IP Protocol is enabled and take note of it's port number

Back into the McAfee Installation Wizard window, enter the servername and instance correctly (NETBIOS\<InstanceName>)

+ enter the correct TCP/IP port number

This should allow you to continue the remainder of the installation wizard process.

Cheers,

/Peter

DCPromo fails because of error in FSCController

2009-11-24T20:28:00Z

The above mentioned error could come up in the following situation:

- Single server running as Domain Controller, Exchange 2007 or 2010 and Forefront Antivirus for Exchange

During migration phase to new hardware, at some stage I needed to run a dcpromo on this "single server box" to make it member server (Exchange was still active on it), when somewhere halfway the DCPromo demote wizard, the mentioned error came up, and DCPromo failed.

Easy Solution: Stop all Forefront ... Services prior to running DCPromo wizard again; Caution: stopping the Forefront Service Controller will immediately stop the Exchange Information Store and Exchange Transport Service.

Cheers,

/Peter

How to REALLY make import / export mailboxes on Exchange 2010 work

2009-11-24T16:19:00Z

Hi there,

After going through a lot of other (mostly beta-based) blogposts on this subject, without getting it to work in the Exchange 2010 RTM version, I'm happy to let you know how to make this REALLY work:. I'm not telling this is the only solution or the Microsoft approved solution, I can just say it works when following this approach.

Situation:

Started from a single Exchange 2010 server environment, I had a need to import PST-files from users; what should have been a no-brainer became suddenly a 'lot-after-the-hours-work'. Based on Bing search one can follow the next posts:

http://www.msexchange.org/articles_tutorials/exchange-server-2010/management-administration/exporting-importing-mailboxes-exchange-server-2010.html

http://www.howexchangeworks.com/2009/08/where-is-exportimport-cmdlets-in.html

http://technet.microsoft.com/en-us/library/bb629586(EXCHG.140).aspx

as the most import ones with a lot of usefull information.

However, none of them helped me to make the import/export work. I got stuck at the moment where I had the following setup:

- single EX2010 hub/cas/mbx server for production

- separate machine with EX2010 Admin Console + Outlook 2010 beta x64 + working Outlook profile

- modified Rolebased permissions for user Administrator to allow import-export mailbox cmdlets

When executing the import-mailbox cmdlets once again, I got the following message: "To export to or import from a pst-file, the 64-bit version of Outlook 2010 or later must be running on the server to which you are connecting (SERVER.DOMAIN.ORG)" (where server.domain.org is my production Exchange 2010)

This left me with 2 options:

a) as mentioned in the error message, installing Outlook 2010 x64 on my production Exchange Server => this scenario was NEVER supported by MS in earlier versions; can't find any article so far where this is supported as of Exchange 2010

b) trying with an additional Exchange (Mailbox Server role) server , and see what happens

tadatatatatatatatata:

Solution B did the trick => instead of having only a server with Exchange Management tools on it, I configured it also as "mailbox server" (avoiding messing with the hub/cas roles in my environment), and dismounted the mailbox stores just to be sure. After relaunching the import-mailbox cmdlet, the import of the PST-file worked like a charm!! (export-mailbox as well :))

So I'm now at a stage where I can continue the migration project at the customer site, leaving me no more than forwarding this post to the correct teams within Microsoft to get "official statement" answer.

Keep you updated on this one.

"Database is mandatory on UserMailbox. Property Name: Database" Error when adding additional Exchange 2010 Server

2009-11-22T21:07:00Z

When adding an additional Exchange 2010 server with all roles (except UM) in my test lab, I received the following error message while installing the Hub Transport Role:

"Database is mandatory on UserMailbox. Property Name: Database"

After doing some internet searching and trying some suggestions out, the following EASY solution did the trick:

a) rerun the Exchange 2010 setup again, and start by installing the CAS Role only

b) after the CAS role setup was successfull, go ahead with the Mailbox Server Role

c) Finally, the Hub Transport role will be installed successfully as well

Easy as that!!

/Peter

how to publish Exchange 2010 OWA behind ISA 2006 or TMG beta 3

2009-11-20T10:58:00Z

Hi folks,

Now Exchange 2010 is RTM, I have done my first migration to this new version at a customer. Everything ran fine, except for the Outlook Web App - Options features (also known as the Exchange Control Panel or ECP).

After a user logs in to his OWA, at first sight it runs oke; when clicking Options in the right corner, he gets a new OWA login form, after which the error "page not found" pops up.

Here's the solution:

- On the Exchange 2010 box, make sure you modify the authentication for the ECP webfolders to "basic & integrated", just like you have to do for the OWA webfolders (Exchange Server / CAS Role / ...)

- On the ISA 2006 or TMG beta 3 box, open up your OWA Publishing Rule, go to the "paths" tab, and add the following webfolders:

/EWS

/ecp

next to the /public, /owa, ... that are already shown

Restart the ISA firewall service, and you will notice everything runs owkay now.

The only thing you will lose here is the nice and smooth OWA 2010 FBA, as the "older" OWA 2007 form from ISA will be shown. but hey, we don't care that much about layouts, right?

'til next post

/Peter

Simple Web Server Publishing Rule (at port 80) not working on TMG Beta 3

2009-10-31T16:48:00Z

Past week, I bumbed again at a 'stupid' issue on a Forefront TMG beta 3 installation; what frustrated me that much about it, is that I couldn't find any "clear information" why this was wasn't working...

One of the most easy things to do with an ISA server, sorry, euhm FOrefront TMG :), is publishing a web server in the LAN to the outside internet. It's a typical next-next-finish process; not on TMG beta 3 :{; no matter what I tried or checked in the logs, the rule wasn't working. The end-user didn't get an error message, just a blank page was displayed. On the TMG box, the log sequence was al green, meaning the rule was working fine. Well, it wasn't.

After a lot of research and frustration, I used a network monitor tool to do deeper investigation. One of the strange things I saw was port 80 being active on the TMG server, even when I wasn't testing my publishing rule. Strange indeed... Although I didn't completely thought this could be real, it seemed like IIS7 got installed on the server during the TMG installation process. (during the installation wizard, a simple thickbox was available if I wanted to use Reporting Services, which I answered as yes of course, not thinking about the fact that SQL Reporting Services requires IIS.)

The final test revealed the solution: Stopping the IIS website and restarting the TMG Services, made the publishing rule work like a charm.

Further validation of this behaviour with Microsoft as well as our Belgian ISA Server / Forefront MVP Tom Decaluwe (http://trycatch.be/members/decaluwet/default.aspx), confirmed IIS isn't being installed anymore in the RC/RTM version of Forefront TMG. Well, thank you about this :)

See yah next time,

/Peter

HyperV R2 Live Migration failing on IBM BladeCenter S Solution

2009-10-28T19:52:00Z

Hello readers,

As you may have noticed, it's been a while since I've wrote my last post. Sorry for that. Being in the middle of a new infrastructure project with HyperV R2, Exchange 2010 beta, Forefront TMG 3 beta , DPM 2010 beta, VMM 2008,... (yes, all in a production environment !!), I don't have that much time writing good articles: D (however, a lot of new posts are coming out of this project, so just stay tuned!!)

This post discusses an issue we faced on the IBM BladeCenter S solution, where live migration of a VM in the HyperV cluster with CSV didn't work, any several errors were logged, referring to timeouts and disk connection issues. After several weeks of frustration and testing, retesting, flashing firmwares,.. IBM finally came with a solution : after doing 5 storage controller firmware upgrades, go 10 versions back of the firmware; and indeed, downgrading to an earlier version of the storage controller's firmware, the live migration works smoothly (thank you Microsoft :))

The issue was related to a storage firmware issue, which had problems of not releasing the multipath information when one of the physical servers went down.

Just for the reference of other forum readers having this issue, below are some more details on the exact situation we were in:

- IBM Bladecenter S with shared SAS storage system and HS22 Blade servers
- HyperV 2008 R2 Full installs on both blade servers
- Configured HyperV R2 Failover Cluster with Clustered Shared Volumes
=> Issue : a live migration of a VM between blade1 and blade2 "runs fine" in the beginning, but fails after a few minutes; VM itself blue-screens

Together with this post, we logged a case at IBM as well for this issue. After 3 weeks over several firmware upgrades of about all components in the BladeCenter, the resolution came from IBM as well (lol), where there seemed to be a "known issue with the persistent connections" from the storage controllers to the storage disks. Meaning, the multipath connections were never "released" when one of the servers went down. This blocked the live migration, as blade2 of the cluster was never kept up to date of the fact that blade1 released the disk connection to this VM"

Technically: the IBM Storage Controller (RSSM) needed to go back to version 1.0.11 (we were at 1.0.23 at the time of writing - October 28th 2009 :); this information was based on input from IBM global support, that the persistent connections issue was reported as of 1.0.12 and higher.

I hope this can safe some readers several hours of irrelevant downtime, frustration and unhappy customers. Not even mentioning the doubt in myself of mis-configuring the MSCS HyperV stuff :)

Have a nice day,

Peter

EX2007 transport services fail to start after SP2 upgrade

2009-09-25T06:34:00Z

This week, I faced the following issue at one of our Exchange 2007 installations. After running a succesfull SP2 upgrade (all marks were green in the upgrade window), we found out mailflow was not working as it should be. After some investigation, it seemed like the "Microsoft Transport Service" and "Microsoft MailSubmission Service" did not start. Even after a reboot, still no running services.

After lots and lots of investigation, re-running SP2 setup again (which again marked all flags green), we were almost desperate...

Until one of our colleagues found an article in the MS Knowledge Base, which let to the solution => There seemed to be a parameter in the config file of the transport services, which tries connecting to a live Microsoft website; if the service can't reach that website fast enough, it times out and the service won't start.

After modifying the config file as per the article, the services ran smoothly again. (issue has been fixed by Microsoft since Exchange RU8 apparently, which was not installed on the machine prior to SP2)

Here's the link to the complete Knowledge Base article:

http://support.microsoft.com/kb/944752 - Exchange Server 2007 managed code services do not start after you install an update rollup for Exchange Server 2007

Seems like it is valid for other Microsoft Exchange Services as well :)

Voila, I hope this can save some after-hours/midnight hours working for you readers...

How to install Exchange 2007 SP2

2009-08-27T22:32:54Z

After the great announcement yesterday Exchange 2007 SP2 was finally released to the public, I couldn’t resist to go ahead and install it. Of course, a blogpost would follow, being it not only to inform you readers that it is indeed working (:)), but to wake your interest for a series of new posts coming up in the next couple of weeks.

* Exchange 2007 SP2 – what’s in it for you (new features,…)

* How to migrate to Exchange 2010

* What’s new in Exchange 2010

* …

Owkay, now the intro is over, back to the SP2 installation shots:

a) download and extract the SP2 cab file to a local directory on the Exchange box; this is needed as the setup routine needs local access to the installation files (.Net Framework requirement seems to be the explanation behind this)

b) start the “setup” application

c) Select “Install Microsoft Exchange Service Pack 2”

In my situation, it seemed like the Microsoft Windows Installer 4.5 was not yet installed; so I went ahead for the download link and installed it… added the screenshots for reference as well…

http://support.microsoft.com/kb/942288

d) After the reboot, I relaunched the setup application

e) click Next

f) click “I accept…” + Next

g) Another errors comes up; this is due to the fact we need to update our Active Directory schema for SP2 functionality. this involves the following commands to be launched from command line: (can be the Exchange server if ADDS is installed; Personally, I mostly run the AD Schema updates on the Schema master of the domain.

- setup /prepareSchema

- setup /prepareAD

h) Finally, setup has started successfully

i) waiting, waiting, waiting,…

j) Yes, Finish and all is successfull

k) As you can see, my Exchange Server box is now running version 8.2 – build 176.2 as visible in the EMC.

That’s it for today, stay tuned for the next couple of posts coming up, detailing all aspects of Exchange 2007 SP2 features and added functionalities.

Kind regards,

Peter

Exchange 2007 SP2 is out

2009-08-26T05:56:00Z

Finally, after months and months of announcements, Exchange 2007 SP2 is finally here, available at the following link for download:

http://www.microsoft.com/downloads/details.aspx?displaylang=en&FamilyID=4c4bd2a3-5e50-42b0-8bbb-2cc9afe3216a

Some of the most important features of the SP2 are:

* requirement for migration towards Exchange 2010 in the same EX Org

* Integration with Windows 2008 native backup tool

* Public Folder Quota management

* Extensive Mailbox Auditing Reports and logging

* A bunch of new cmdlets within Powershell

For a complete overview of the new features, have a look at http://www.microsoft.com/downloads/details.aspx?FamilyID=ee7829a3-0ae8-44de-822c-908cd1034523&displaylang=en

Microsoft TMG beta 2 – installation guidelines – part 3

2009-07-11T20:51:12Z

In this part 3 of the TMG beta 2 installation guidelines, we will continue the configuration and finetuning of our firewall/proxy/reverse proxy box.

One of the first things we will configure is the “Web Access Policy Wizard”, by which we define how the internal users connect to the internet.

Select “Create customized web access policies…” to create more advanced configured access rule.

In this example, I chose “Any of the above”, as in real-life, access policy groups will definitely be based on both user group and computer group / IP setting parameters.

Here we specify traffic can pass from the Internal network (our company) and the Local host (being the TMG server itself) to the external (internet) network.

For the time being, we allow anonymous connections to the internet; this would mean everyone connecting in our network (having the correct IP-address range) can connect to the internet without authenticating against the TMG server.

In this window, we define the access rule in such a way that “all authenticated users” (i.e. members of the domain) can connect to the Internet.

Here we define TMG should activate the Malware Inspection on incoming web traffic. More on the Malware Inspection feature will be explained in future posts.

Configure the appropriate setting for HTTPS inspection

For legal reasons, we have to select “notify users...” of the possible inspection that can happen.

Here we configure the TMG Caching folder and enable the caching mechanism itself. This means TMG will cache all traffic passing in/out of its interface to allow faster publishing to the end-user.

And the Web Access Policy is complete...

In the next few screens, I quickly go through the TMG management console, showing you some of the differences and new topics of TMG beta 2.

This is the default TMG Management console; compared to the ISA 2004 / 2006 management console, the following topics are completely new to TMG:

- Split Access Policies (firewall, web, email)

- Intrusion Prevention System

- Logs & Reports

- Update Center

The Monitoring window is about the same as it was in previous ISA versions. It shows a real-time overview of the overall health and status of the TMG server and services. Occurred alerts and warnings are displayed until agreed upon, we can check the current sessions (who is connected or passing by the TMG server,…)

The Firewall Policy topic gives an overview of the access rules, except the web access rules, which are bundled in a separate view.

From a functionality point of view, there is no difference with the previous versions for this topic, although it has been renamed to “Logs & Reports” instead of “Monitoring”. This window is one of the most used functions of ISA, as it gives you real-time or historical monitoring of all traffic and protocols passing by the TMG Server.

As already said, more explanations on all new options and features will be touched in near-future posts.

Microsoft TMG – beta 2 – installation guidelines – part 2

2009-07-11T20:34:08Z

In this session, I’ll explain the remainder configuration tasks to be done when installing a new Microsoft TMG in your network.

In part 1 of this series, I explained what Microsoft TMG is, and showed you how “easy” it is to get the application installed and get up to speed.

Obviously, I continue my installation guidelines with the mentioned Getting Started Wizard at the end of part 1.

The Getting Started Wizard is a nice little component of TMG, which allows the administrator to make sure all necessary networking and system configuration parameters that TMG needs to run at its best, will be configured.

Here we go…

Click on “Configure Network Settings”, after which the network setup wizard comes up.

At the time of writing this series of articles, I planned on running the TMG box behind my production ISA 2006, only to be used as a proxy server for testing. As such, it has only one network interface. To have your TMG server act as both a proxy (lan towards internet) and reverse proxy (internet publishing access from lan resources eg. Webmail), 2 network cards are a minimum.

Enter the IP-settings for the INTERNAL network interface. These settings are copied over from the standard network settings if already filled out.

That was all for step 1 of the Getting Started Wizard. Easy isn’t it…

Up to step 2 than, the system settings configuration wizard…

as the Windows Machine is already member of the domain, this property is taken over in the wizard of course…

Although it is not necessary, I personally recommend configuring the TMG server as a member of the domain. Especially when acting as a proxy server for your internal network.

Otherwise, you can configure it as a stand-alone server in a workgroup, needing LDAP access to the domain controllers (eg. When ISA is located in a separate subnet or DMZ-zone)

That was all for step 2; 1 step left to complete…

Step 3 : Define deployment options:

In this final step, we configure if and how TMG will make use of Windows Update Services, how some of the newly available features are licensed, and if you want to upload anonymous information from the TMG application to Microsoft for troubleshooting.

Selecting “Use the Microsoft Update Service…” is a good practice, as it assures you the download and installation of the most-up-to-date patches and component updates (eg. malware detection filter,…)

As a Microsoft beta tester, I select “Yes, I’m willing to participate…”

That’s all there was to complete the Getting Started Wizard. Fancy piece of software to make the “TMG system configuration” a no-brainer.

‘till next time,

/Peter

Microsoft released the DPM Configuration Analyzer

2009-07-11T15:43:00Z

Just a few days ago, Microsoft published its "DPM Configuration Analyzer - DPMCA"; this tool allows IT admins to investigate the installed DPM environment for issues, best practices on the DPM configuration parameters, policies.

In fact, it's a tool which runs on top of the earlier published "Microsoft Baseline Configuration Analyzer - MBCA".

More information on the DPMCA and the MBCA can be found using the following link:

http://www.microsoft.com/downloads/details.aspx?displaylang=en&FamilyID=54b4bb57-d6e3-4c1e-a889-a24cfa18fcd4

Til next post,

/Peter