Archive

Archive for July, 2011

RU4 for Exchange 2010 SP1 removed…

July 25, 2011 Leave a comment

Just a quick one – as the title Suggests Microsoft recently pulled RU4 for Exchange 2010 SP1 due to a new-found bug.

http://blogs.technet.com/b/exchange/archive/2011/07/13/exchange-2010-sp1-ru4-removed-from-download-center.aspx

The current answer is one of two things;

1) Uninstall RU4

2) Apply the Interim patch for RU4 (KB 2581545). You will have to ring Microsoft for this (as it is not yet published) – however be warned that initially this KB number will not seem to exist. Best bet is to raise a call with the Exchange team (you will have this refunded as it is a bug/fix situation) – however I had to get to third-line Exchange guys before I got an “Yes, it’s here”. Also bear in mind that this will likely have to be removed before RU5 can be applied (when it is released).

Take care!

 

(For my own sanity I posted this as a comment ;

http://blogs.technet.com/b/exchange/archive/2011/07/13/exchange-2010-sp1-ru4-removed-from-download-center.aspx?CommentPosted=true#3443289)

Problems authenticating to ActiveSync? Don’t be an Admin then!

July 16, 2011 Leave a comment

 

Recently had the following error when testing ActiveSync (via www.testexchangeconnectivity.com after the IT manager said their Android device wouldn’t work Sad smile )

 

A HTTP 403 forbidden response was recieved. The response appears to have come from IIS7

 

I did a bit of digging and found out something I did not know – if you are a member of any BUILTIN Administrative group in Active Directory then you cannot utilised ActiveSync!! (This is due to the “Inherit permissions” removing as you are a member of a “Protected Group” from what I could gather).

 

Oh well, time to remind people that they should not be using Domain Administrative accounts for day-to-day access!!! Winking smile

Errors running testexchangeconnectivity on Autodiscover

July 16, 2011 Leave a comment

 

If you get the following error;

 

image

 

Ensure that the “Autodiscover.domain.com” public name is added to the TMG rule that has the /Autodiscover/ Path – IT DOESNT GET ADDED BY DEFAULT! ;

 

image

Customising the Login page for TMG Outlook Web Application 2010

July 16, 2011 2 comments

To customise the Login page (say, removing the “DOMAIN\” part of the username prompt) edit the “strings.txt” found in ;

 

C:\Program Files\Microsoft Forefront Threat Management Gateway\Templates\CookieAuthTemplates\Exchange\HTML

 

Look for the string;

 

L_UserName_Text="User name:"

 

And change it to be what’s required (the above has the DOMAIN\ already removed).

 

Any of these strings can be changed.

 

To force changes to take effect, restart the TMG Firewall Service Smile

 

Happy TMG’ing Winking smile

Outlook Anywhere not working in Exchange 2010 SP1?

July 14, 2011 Leave a comment

Had the following a few times now – Outlook Anywhere not working for Exchange 2010 SP1 when the Authentication method is set to Negotiate.

 

Event logs show the following;

 

Process information:
    Process ID: 5200
    Process name: w3wp.exe
    Account name: IIS APPPOOL\DefaultAppPool
Exception information:
    Exception type: ConfigurationErrorsException
    Exception message: Could not load file or assembly ‘WindowsLiveID, Version=0.0.0.0, Culture=neutral, PublicKeyToken=283dd9fa4b2406c5’ or one of its dependencies. The system cannot find the file specified.

 

In short, change from Negotiate to NTLM as Negotiate introduces the WindowsLiveID provider, and this causes Outlook to fail authentication (in short).

 

If NTLM is already enabled (or Basic) then make sure that the WindowsLiveID provider isn’t being inherited (look in IIS Manager under /RCP in the “Modules” bit Smile

Gotcha when assigning Certificate to Exchange 2010 SP1

July 14, 2011 2 comments

 

Quick one;

 

Quite often I will enable HTTP (i.e. disable the SSL requirement of IIS 7.5 in 2008 R2) access within IIS to allow me to do a neat HTTP to HTTPS redirect on the root folder.

 

This allows silly users to do the old “webmail.domain.com” syntax in their browser of choice and still get them to the /owa virtual directory.

 

However when you go to assign a certificate to this using EMC a warning is flagged;

 

Do you want to enforce SSL communication on the root web site? If not, rerun the cmdlet with the –DoNotRequireSSL parameter.

 

I clicked “no” (obviously) and the EMC process completed Successfully – i.e. with a nice big fat green tick Smile

 

However upon further inspection it appeared that it hadn’t completed – in fact the certificate hadn’t applied at all.

 

Running it from the EMS with the –DoNotRequireSSL parameter sorted me out, but surely if you answer no and therefore exit out of the process it should pass through an error output rather than a success?

 

Never mind Smile

Balance mailbox count over Databases in Exchange 2007 and 2010

July 13, 2011 Leave a comment

Quick one;

 

http://www.stevieg.org/tag/move-mailbox/

 

Has a fab little script that will generate you a PS1 script to automate the mailbox count over multiple databases.

 

It only works with count so far – but the author says they will eventually re-write it to count size distribution also.

 

Handy as hell when mass-provisioning mailboxes using, oh I don’t know, Quest tools.