Monday, July 21, 2014

So long, little MEC v2, we hardly knew ye

To the excitement of many, two years ago Microsoft resurrected the Microsoft Exchange Conference.   To many in the Exchange server community, this represented a renewed focus on Microsoft's part towards providing top-notch information to the Exchange community.  Though I found the timing to be a bit suspect (after all, MEC had been gone for 10 years), it was a welcome resurrection even though, at the time, I was the speaker chair for the Penton Media Exchange Connections Conference.

Alas, nothing lasts forever and apparently MEC v2 is already being canned in favor of a bigger, better, more stupendous TechEd.  The new event, now called Unified Microsoft Commercial Technology Event, will roll together TechEd, MEC, the SharePoint conference, and the Lync conference.

I am disappointed in this latest devolution of Microsoft's conferencing strategy.  Unfortunately, large conferences tend to have their sessions dumbed down a bit to a lower common denominator.  Smaller conferences, like MEC or Connections, do allow for more detailed and specialized sessions.  And, they do allow for more interaction with the presenters and vendor subject matter experts.

#IWasMEC

Sunday, July 20, 2014

Change Auditor installation broke Exchange 2010 scripting

Last week, we finally got around to starting our Change Auditor for Exchange installation.  We had tested this pretty thoroughly in the lab, but had not yet put it into production.  So, we picked an unused public folder server in our Disaster Recovery site.

We did not realize that the first Change Auditor for Exchange agent that gets installed also enables a global setting that enables the Scripting Agent.  Once enabled, admin scripts and SCOM scripts could no longer run.  And, we use a lot of scripts for admin tasks.

If we had gone ahead and completed the Change Auditor agent installation on all servers, the problem would have been resolved.  But, since something was "broke" we halted the installation until we could figure out what had happened.

As a workaround, we changed the ScriptingAgentConfig.XML file (see the above link) and disabled it on all other E2K10 servers.

Sunday, July 06, 2014

Mailbox storage: If you really don't like your users... give them what they ask for...

Mailbox storage has always been a sore spot with me.  Regardless of how often you remind users to manage their mailbox, they want to hold on to almost everything.   But, I get this... I often refer back to email conversations that I had 2 or 3 years ago.  Email is an extension of my brain/memory.

In my user community, we have users that regularly receive 1.0GB of email per month.  PPTs, PDFs, documents, spreadsheets, images, audio, newsfeeds, you name it, they get it.  And, they keep it.

Years ago, our users complained loudly that they did not like having mailbox storage limits.  Management heard their screams and told us to raise the storage limits so we adopted Enterprise Vault and essentially gave our users a "bottomless mailbox."   Vault comes through and archives anything older than 30 days.

Normally, they don't let me anywhere near end users because I don't have a filter.... but over the past 2 years I have spoken to a lot of our user community.  And, they have resoundingly said "we hate Enterprise Vault" and "give us a larger mailbox and then just let *us* decide when we delete something or if we keep it."

So, our newest email platform now provides each user with a 2GB mailbox and a 10GB personal archive.  Within 6 months, some of our users had already exceeded these limits and more exceed them every day. 

And, you guessed it...  they want a way for "the vault to archive their older stuff".

:-)

Wednesday, June 11, 2014

OWA for Android App

Very cool!  Microsoft released today an OWA for Android app.  It is still in pre-release, so all of you early adopters out there can expect a few bugs.  And, of course, if you have been following the OWA apps for mobile devices, there is the caveat that it is only available for Office 365 for Business customers.  ;-(    So, more bait to get people to move to Office 365.


Tuesday, June 10, 2014

Show pictures in the Exchange 2010 OWA GAL

Thanks again to Lee Derbyshire

How To Show GAL Pictures For Internal Emails In Exchange 2010 Outlook Web App

Moving Exchange database or defrag'ing Exchange database

I still see these questions asked pretty frequently:

1)  I need to defrag/compact my Exchange 2007 / 2010 / 2013 database?  What is the best way to do that? 
(or)
2)  I need to move my databases to a new disk.  What is the best way to do that?

If you have the free disk space, by and large the best way to defrag or move data is to just create a new database on the new disk.  Then, use the New-MoveRequest cmdlet to move the mailboxes over. This takes a bit longer but it also minimizes downtime and customer annoyances.  And, in the case of a defrag, it minimizes risk to the database file.

Automated user provisioning - Savior or Satan?

Over the past 10 years, more and more medium and large corporations have embraced user account and group provisioning systems as part of their identity management strategy.  In this article, Why Provisioning Should Move Away from IT, Dell/Quest advocates moving the provisioning process away from IT entirely.  (Well, that would be almost impossible, but at least get the "process" if not the technology away from IT.)

My own organization embraced a fairly customized version of Microsoft's Forefront Identity Manager (FIM) as our provisioning system.  It integrates with our PeopleSoft system as well as a number of other databases to provide a unified identity picture.

We have about 1 1/4 full time Microsoft Consulting Services employees on staff that help us maintain this behemoth, another almost full-time contractor, and another almost full-time employee that helps operate the system.  For 45,000 user objects, I'd estimate we spend about $750,000 per year in labor to maintain this.

The system is always a few generations behind where we need it to be.  Feature requests are generally a year to three years behind in integration and implementation.  (Part of this is due to some... "mishaps"; our management is so gun-shy about anything to do with this platform that doing nothing is their IM strategy.)

Meanwhile, the system works partially well for only about 75% of our employees/contractors since our PeopleSoft system maintains data for only employees, not a lot of contractors.  So, our help desk still manually provisions many user accounts and groups. And, our PeopleSoft system often spits out phone numbers in formats that are not usable by UC "dialer" links or software.  So, dial links in Lync are useless.  And, our HR department refuses to update their system to accommodate us.

I'd guess that this platform actually costs us *more* than a manual provisioning system.  Sometimes, there is a reason why there is "no school like the old school."

If you are considering an automated user provisioning system, I strongly recommend going through as many different use cases as possible.  Not just your full time employees, but look at temps, short term contractors, long term contractors, VIPs, etc...  Go through your proposed IM system and look at all of these use cases and determine if the work flows are going to accommodate these.   And, if not, how many users fall outside of the "automated" boundary and how are you going to take care of them?


Monday, June 09, 2014

AssociatedItemCount versus ItemCount

Recently, one of my "Yes, but show me the TechNet article to prove it" co-workers asked me about the difference between the AssociatedItemCount and ItemCount properties in Exchange 2010 (and, of course 2007 and 2013) when looking at mailbox and public folder statistics.  (We all have one of these co-workers, don't we?)

ItemCount reflects the total number of actual, viewable mail/calendar/contact/etc... items in the folder.  Anything the user sees in the folder or mailbox.

AssociatedItemCount reflects the number of "hidden" objects associated with a folder or mailbox including rules, forms, form-type, Admin info, moderation information, views, auto-complete items, categories, etc...

Here are the relevant passages in the scripture. 
MSDN Folder Associated Information
MSDN Content Tables
MSDN Folder-Associated Information Tables


Saturday, June 07, 2014

Goodbye Sitemeter

I have been using Sitemeter for years to provide a simple visit counter and reports for some of my web sites.  Recently, I noticed that sometimes my Ithicos site was loading slowly and the browser was going to a lot of sites that I *know* I don't have links to.

This includes:
adjuggler.net
demdex.net
neac.com
scorecardresearch.com
vindicosuite.com
ads.yahoo.com

Apparently, Sitemeter has been bought by the same ad-ware intensive company that bought MySpace.  And, now the script that you embed on your web site for the Sitemeter is also going out and establishing connections and setting cookies for all of these other sites.

I not only found it is setting these cookies and establishing these connections, but it is also REDIRECTING my site to an "ad" page and my site visitor has to click a "Return to Original Site" link.

Goodbye Sitemeter!



Wednesday, May 21, 2014

Outlook 2007: Are you longing for a way to see GAL photos?

I think showing people's photos in the Global Address List is a great way to improve collaboration between employees.  Especially in medium or large businesses or in businesses that are geographically dispersed.  It adds a nice, friendly, personal touch to email. 

If you are still stuck on Outlook 2007, good news!  There is an Outlook 2007 Social Connector add-on.

Monday, May 05, 2014

Easiest thing I have done this spring.... Kemp Load Balancer

I have to say, setting up a Kemp Load Balancer to front-end 2 Exchange 2010 servers was just about the easiest thing I have done this year.  Set up the hardware, registered the device with Kemp, loaded up an Exchange 2010 template, and configured the two virtual servers.   First time I had done this. It took a bit more than an hour from the time we pulled it out of the box until it was done.  Nice!

Tuesday, April 08, 2014

Usage of higher MX records

I recently noticed something that at first seemed a bit weird.   A company had transitioned to an external email hygiene service but left their old MX record in place with a higher cost value, so their MX records looked like this (I shortened the text a bit)

company.com     MX=10     hygiene1.serviceplace.org
company.com     MX=10     hygiene2.serviceplace.org
company.com     MX=20    oldserver.company.com

We noticed that a lot of email was still coming directly in to oldserver.company.com (their old gateway).

According to the RFCs, the SMTP transport is supposed to always pick the MX record with the lowest preference value first and only move to a higher one if the lower ones fail.  But, we were seeing a different behavior.

After some additional analysis, we found that only spam and malware were coming in to the MX record of 20.   After some discussion with some colleagues, I found out that spammers will intentionally do this in hopes of finding backdoors or SMTP paths in to your system with less security or message hygiene in place.

Ideally, once you start using an external provider, you should remove your old MX records, get the IP addresses from which the provider sends, and block TCP port 25 from everyone else at your firewall so that spammers can't find you by port scans.
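
One way to check for the bypass described above, as an added example that is not part of the original post: it flags MX hosts that sit outside the hygiene service and gateway connections whose source address is not in the provider's sending ranges. The provider ranges, the log line format and the log entries are constructed assumptions; only the MX records come from the post.

```python
import ipaddress

# MX records as shown in the post; everything else below is constructed.
MX_RECORDS = [
    (10, "hygiene1.serviceplace.org"),
    (10, "hygiene2.serviceplace.org"),
    (20, "oldserver.company.com"),
]
PROVIDER_DOMAIN = "serviceplace.org"
# Assumption: sending ranges published by the provider (documentation IPs).
PROVIDER_RANGES = [ipaddress.ip_network(n) for n in ("192.0.2.0/24", "198.51.100.0/25")]

# Constructed gateway log lines: "<timestamp> <source-ip> <mail-from>"
SMTP_LOG = """\
2014-04-08T09:01:12 192.0.2.15 alice@partner.example
2014-04-08T09:01:40 203.0.113.77 promo@bulk.example
2014-04-08T09:02:03 198.51.100.9 bob@vendor.example
2014-04-08T09:02:31 198.51.100.200 invoice@random.example
"""


def stale_mx_hosts(records, provider_domain):
    """Return MX hosts that do not belong to the hygiene provider."""
    suffix = "." + provider_domain.lower()
    return [host for _pref, host in sorted(records)
            if not host.lower().rstrip(".").endswith(suffix)]


def bypass_connections(log_text, provider_ranges):
    """Return (timestamp, ip, sender) for connections not from the provider."""
    hits = []
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 3:
            continue  # skip blank or malformed lines
        stamp, ip_text, sender = parts
        try:
            ip = ipaddress.ip_address(ip_text)
        except ValueError:
            continue  # second field is not an IP address
        if not any(ip in net for net in provider_ranges):
            hits.append((stamp, ip_text, sender))
    return hits


if __name__ == "__main__":
    print("MX hosts that bypass the service:", stale_mx_hosts(MX_RECORDS, PROVIDER_DOMAIN))
    for hit in bypass_connections(SMTP_LOG, PROVIDER_RANGES):
        print("direct connection:", *hit)
```

Once the firewall rule is in place, the second function should return nothing for the old gateway; any hit means port 25 is still reachable from outside the provider.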

Monday, March 31, 2014

Forms based authentication and anonymous folders

Sometimes I have seen some weird issues with some forms based authentication.  On the logon form, the images do not show up and the text and other information does not line up correctly.  The images are in the .\images folder and the style sheet is in the .\styles folder.

Turns out, this is by design because forms-based authentication is enabled and the authorization section specifies that anonymous users are denied access (in the <authorization> tag).

    <authorization>
      <deny users="?" />
      <allow users="*" />
    </authorization>


I found a lot of discussion threads indicating that the <location> tag could be used with the path option to specify a path that could be accessed anonymously.  But, I found conflicting information.  One poster said you could only have ONE <location> tag.  However, upon testing it, I found that you can indeed have 2 different <location> tags.  See below.

    <!-- This location tag specifies that the styles and images folders are accessible before logon. This allows the logon page and logo to be displayed correctly. -->
    <location path="styles">
      <system.web>
        <authorization>
          <allow users="*"/>
        </authorization>
      </system.web>
    </location>
    <location path="images">
      <system.web>
        <authorization>
          <allow users="*"/>
        </authorization>
      </system.web>
    </location>


  I put these inside the <configuration> tag of the web.config file near the bottom.  This seems to clear up the issues. 
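
To confirm that only the intended folders are open before logon, the following added example (not part of the original post) parses a web.config and reports which paths allow anonymous access. The sample file is constructed from the two fragments above, and the check is a simplification that looks only at the users attribute of allow/deny rules, not roles or verbs.

```python
import xml.etree.ElementTree as ET

# Constructed web.config combining the two fragments from the post.
WEB_CONFIG = """\
<configuration>
  <system.web>
    <authorization>
      <deny users="?" />
      <allow users="*" />
    </authorization>
  </system.web>
  <location path="styles">
    <system.web><authorization><allow users="*"/></authorization></system.web>
  </location>
  <location path="images">
    <system.web><authorization><allow users="*"/></authorization></system.web>
  </location>
</configuration>
"""


def anonymous_decision(authorization):
    """First matching rule wins (ASP.NET URL authorization); None if no rule applies."""
    if authorization is None:
        return None
    for rule in authorization:
        if rule.tag not in ("allow", "deny"):
            continue
        users = [u.strip() for u in rule.get("users", "").split(",")]
        if "?" in users or "*" in users:  # "?" = anonymous, "*" = everyone
            return rule.tag
    return None


def anonymous_paths(config_xml):
    """Map "" (site root) and each <location path> to True if anonymous access is allowed."""
    root = ET.fromstring(config_xml)
    site = anonymous_decision(root.find("system.web/authorization"))
    result = {"": site == "allow"}
    for loc in root.findall("location"):
        local = anonymous_decision(loc.find("system.web/authorization"))
        # A location's own rules are checked before the inherited site rules.
        result[loc.get("path", "")] = (local or site) == "allow"
    return result


if __name__ == "__main__":
    for path, is_open in anonymous_paths(WEB_CONFIG).items():
        print(path or "(site root)", "anonymous allowed" if is_open else "login required")
```

Any path reported as anonymous other than the static styles and images folders deserves a second look, since everything under it is served without authentication.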

Saturday, February 01, 2014

Exchange 2013 Architecture Poster

Microsoft just released a PDF version of their Exchange Server 2013 Architecture Poster.  Free to download.

Tuesday, December 17, 2013

Convert OST file to PST file

I still see questions in the forums from time to time where someone is asking if it is possible to convert an OST file to a PST file.  This is usually due to a mailbox being deleted, but the OST file remains.

Microsoft does not provide any mechanism to convert an OST file to a PST file.  However, if you can open up the OST file when you open Outlook, you can create a new PST file and just export email to it or drag-and-drop items in to the PST file.

There are a few third party tools that will do this, but I have not tested any of them.

http://www.convertost.com/
http://www.brothersoft.com/convert-ost-to-pst-68529.html
http://www.windowsreference.com/ms-exchange-server/how-to-convert-ost-to-pst-format-for-outlook/
 

Sunday, December 15, 2013

.NET Framework 4 application issues on fresh Windows 2008 R2 installation

A bit of frustration with Windows Server 2008 R2 and the .NET Framework 4.0.  Even if you use the Add-WindowsFeature Application-Server option to add the .NET Framework, the 4.0 Framework may not be properly registered with IIS.  This seems to be true when you install the 4.0 Framework first and then later add the Web-Server and Application-Server options to Windows.

I installed the prerequisites, then installed my 4.0 Framework application and got this error:

HTTP Error 500.21 - Internal Server Error

Handler "PageHandlerFactory-Integrated" has a bad module "ManagedPipelineHandler" in its module list

This implies that the ASP.NET managed handler is incorrect, but in reality the 4.0 Framework is not properly registered.

Open up a command prompt as an administrator, then change to this folder:
C:\Windows\Microsoft.NET\Framework\v4.0.30319 

Run this command:
aspnet_regiis.exe -iru 

  There are a couple of different installation/registration options for aspnet_regiis.exe, but the -iru option is the safest since it only registers the 4.0 Framework and does not change/update any existing applications or web sites.  That is helpful if you have web applications that are still using the 2.0 Framework.

Sunday, December 08, 2013

Ithicos Solutions Customer Survey

If you are a customer of Ithicos Solutions and use our Active Directory self service tools such as Directory Update, Directory Manager, Directory Search, and/or Directory Password products, we would like your feedback:

Ithicos Solutions survey

This survey should take no more than 5 minutes to complete and will help us determine better ways to support you in the future.  The survey is completely anonymous, but you can leave your email at the end for a chance to win an Amazon gift card.

