Sunday, May 12, 2013

WSUS - An HTTP error occurred

In the process of setting up a new WSUS server I received the following error message when attempting to perform a sync.  This is after installing WSUS 3.0 Service Pack 2 available from http://support.microsoft.com/kb/2720211

An HTTP error occurred

Clicking Details provides the following error output.

WebException: The request failed with the error message:
--
Object moved
Object moved to %2fmicrosoftupdate%2fv6%2ferrorinformation.aspx%3ferror%3d15"

--.
at System.Web.Services.Protocols.SoapHttpClientProtocol.ReadResponse(SoapClientMessage message, WebResponse response, Stream responseStream, Boolean asyncCall)
   at System.Web.Services.Protocols.SoapHttpClientProtocol.Invoke(String methodName, Object[] parameters)
   at Microsoft.UpdateServices.ServerSyncWebServices.ServerSync.ServerSyncProxy.GetAuthConfig()
   at Microsoft.UpdateServices.ServerSync.ServerSyncLib.InternetGetServerAuthConfig(ServerSyncProxy proxy, WebServiceCommunicationHelper webServiceHelper)
   at Microsoft.UpdateServices.ServerSync.ServerSyncLib.Authenticate(AuthorizationManager authorizationManager, Boolean checkExpiration, ServerSyncProxy proxy, Cookie cookie, WebServiceCommunicationHelper webServiceHelper)
   at Microsoft.UpdateServices.ServerSync.CatalogSyncAgentCore.SyncConfigUpdatesFromUSS()
   at Microsoft.UpdateServices.ServerSync.CatalogSyncAgentCore.ExecuteSyncProtocol(Boolean allowRedirect)



After researching this error message I discovered that Microsoft moved data on the Microsoft Update servers in early 2013, and as a result the WSUS installation package which comes with Windows Server 2008 R2 no longer knows the correct URL to synchronise with (this is after installing WSUS 3.0 SP2 from KB2720211).

After installing WSUS 3.0 SP2 from KB2720211 you must then install another critical update, which can be downloaded from KB2734608.  This tells WSUS the new location to synchronise from.  In total you should have installed the following two updates, as well as the Report Viewer 2008 package.

Download KB2734608: http://support.microsoft.com/kb/2734608


After installing KB2734608 on my WSUS 3.0 Service Pack 2 server, WSUS now referenced the right Microsoft Update location and synchronisation started working successfully.


 

Windows Update Error 80244018

Today I had issues patching a Windows Server 2008 R2 server at one of my clients.  Windows Update provided me with the following error message:

An error occurred while checking for new updates for your computer.
Error Code 80244018

 
This error code is generated when a computer has issues connecting to the Windows Update server.  My customer used Threat Management Gateway as a firewall solution.  After reviewing the firewall rules there was a rule which prevented access to Microsoft Windows Update servers.

Removing the rule resolved the problem.

Sunday, April 21, 2013

SM Bus Controller VEN 8086 DEV 1E22

When setting up a new Lenovo X230 for a customer I had problems finding the correct driver for an SM Bus Controller.  The hardware had the following Vendor and Device IDs.

PCI\VEN_8086&DEV_1E22&SUBSYS_21FA17AA&REV_04


After some research it turns out that this hardware matches an Intel 7 Series/C216 Chipset Family SMBus Host Controller.

To download the Intel 7 Series/C216 Chipset Family SMBus Host Controller driver please see the following website:

http://devid.info/download/56602/27

Scroll through the ads until you find 56602_Chipset_9.3.0.1019.zip (2.87 Mb)

Friday, April 19, 2013

Icons Do Not Appear in Internet Explorer 10 for RD Web Access

After upgrading to Internet Explorer 10, we noticed that the icons no longer display when accessing a 2008 R2 Remote Desktop Services (RDS) RD Web Access site.


Running Internet Explorer 9, the icons display correctly:


However, if you switch Internet Explorer 10 into compatibility mode, the icons also display correctly.  To enable compatibility mode, click the following page icon next to the address bar.


When it turns blue in colour, this means compatibility mode is enabled and the RD Web Access icons will reappear in RD Web Access.


A bug has been logged with Microsoft on this issue.

Monday, April 15, 2013

Delegate Permissions to Change Permissions on Mailboxes - Exchange 2007

I am currently in the process of a delegation project for one of my customers running Exchange Server 2007.  My customer requires that all service desk staff members have the ability to manage Exchange recipients but can make no other changes within Exchange.  As part of recipient management, the service desk staff must have the ability to:
  • Manage Full Access Permission
  • Manage Send As Permission
By default the Exchange 2007 Exchange Recipient Administrators group does not provide the ability to manage permissions on mailboxes however this can easily be granted.

To grant Exchange Recipient Administrators the ability to change permissions on mailboxes they must have the ExtendedRights "ms-Exch-Store-Admin" in Active Directory on the Configuration Partition.  This can be granted using the following powershell command:

Add-ADPermission -Identity "CN=Exchange Org,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=domain,DC=local" -User "domain\Exchange Recipient Administrators" -ExtendedRights ms-Exch-Store-Admin -InheritanceType All
Ensure you change the Exchange Org to reflect your Exchange org and the domain\ to reflect your domain's NetBIOS name.
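As an added example (not from the original post), the following wraps that grant so it is idempotent and adds an audit of every trustee that holds ms-Exch-Store-Admin on the organization container. It assumes the Exchange 2007 Management Shell; the group name is a placeholder.

```powershell
# Added example (not from the original post): grant the ms-Exch-Store-Admin extended
# right to a delegated group only if it is not already there, and audit who holds it.
# Assumes the Exchange 2007 Management Shell; the group name is a placeholder.

function Test-HasStoreAdminRight {
    param($Ace)
    # ExtendedRights is a collection of right identifiers; compare by display string.
    return [bool]($Ace.ExtendedRights | Where-Object { "$_" -eq "ms-Exch-Store-Admin" })
}

function Get-StoreAdminHolders {
    # Every trustee holding ms-Exch-Store-Admin on the organization container,
    # including inherited and Deny entries so an audit shows the full picture.
    $orgDN = (Get-OrganizationConfig).DistinguishedName
    Get-ADPermission -Identity $orgDN |
        Where-Object { Test-HasStoreAdminRight $_ } |
        Select-Object User, Deny, IsInherited, InheritanceType
}

function Grant-StoreAdminRight {
    param([Parameter(Mandatory = $true)][string]$Group)   # e.g. "DOMAIN\Exchange Recipient Administrators"
    $orgDN = (Get-OrganizationConfig).DistinguishedName

    # Idempotent: do not stack duplicate ACEs on the organization object.
    $already = Get-StoreAdminHolders | Where-Object { "$($_.User)" -eq $Group -and -not $_.Deny }
    if ($already) { Write-Warning "$Group already holds ms-Exch-Store-Admin"; return $already }

    Add-ADPermission -Identity $orgDN -User $Group -ExtendedRights ms-Exch-Store-Admin -InheritanceType All
}

# Usage (placeholder group name):
# Grant-StoreAdminRight -Group "DOMAIN\Exchange Recipient Administrators"
# Get-StoreAdminHolders | Format-Table -AutoSize
```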

If the permissions are not set right you will get an error similar to:

Domain\username
Failed

Error:
Failed to commit the change on object "a757e5a9-64e0-49cb-ac90-acda685c7f1c" because access is denied.

MapiExceptionNoAccess: Unable to set mailbox SecurityDescriptor. (hr=0x80070005, ec=-2147024891)

Exchange Management Shell command attempted:
Add-MailboxPermission -Identity 'CN=Domain User,OU=People,DC=domain,DC=local' -User 'DOMAIN\account.name' -AccessRights 'FullAccess'

Elapsed Time: 00:00:00

Failed to commit the change on object because access is denied.

Hope this post has been helpful.

Controlling the Auto Shared Mailbox Mapping Feature

From Exchange 2010 SP1 onwards, Exchange Autodiscover can automatically add a mailbox to the Outlook profile of any user account that has full control of that mailbox.  This was done through changes to Autodiscover and the addition of a new attribute called msExchDelegateListLink.

From Exchange 2010 SP1 onwards, whenever you grant a user full access to a mailbox, the user which was granted full access is by default added to the msExchDelegateListLink attribute on the shared mailbox.  This tells Autodiscover to automatically add the mailbox to the user's Outlook profile.

For example, take a look at a shared mailbox called "Spam" which is responsible for holding all spam emails on my Exchange server.  As you can see it has 3 accounts associated with the msExchDelegateListLink attribute, one of them being me, Clint Boessen.


 
If I only want myself to receive the spam mailbox by default, I would remove the other two accounts from this attribute.  This can also be done from PowerShell with the AutoMapping parameter on the Add-MailboxPermission cmdlet:
 
Add-MailboxPermission "Shared Mailbox" -User "domain\user" -AccessRights FullAccess -AutoMapping:$false
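As an added example (not from the original post), the following audits every shared mailbox for Full Access trustees and reports which of them will be auto-mapped, then re-grants one trustee without auto-mapping. It assumes the Exchange 2010 SP1 or later Management Shell on a domain member and reads msExchDelegateListLink via ADSI so the ActiveDirectory module is not needed.

```powershell
# Added example (not from the original post): for every shared mailbox, list the explicit
# Full Access trustees and whether each one is in msExchDelegateListLink, i.e. will have
# the mailbox auto-mapped into Outlook. Assumes Exchange 2010 SP1+ Management Shell.

function Get-AutoMappedFullAccess {
    Get-Mailbox -RecipientTypeDetails SharedMailbox -ResultSize Unlimited | ForEach-Object {
        $mbx = $_
        # Back-link attribute on the shared mailbox: DNs of users who get it auto-mapped.
        $entry = [ADSI]("LDAP://" + $mbx.DistinguishedName)
        $autoMapped = @($entry.msExchDelegateListLink | ForEach-Object { "$_" })

        Get-MailboxPermission -Identity $mbx.Identity |
            Where-Object { -not $_.IsInherited -and -not $_.Deny -and
                           ($_.AccessRights -contains "FullAccess") -and
                           ("$($_.User)" -notmatch '^(NT AUTHORITY|S-1-5-)') } |
            ForEach-Object {
                $trustee = "$($_.User)"                        # DOMAIN\sAMAccountName
                $user = Get-User -Identity $trustee -ErrorAction SilentlyContinue
                $dn = $null
                if ($user) { $dn = $user.DistinguishedName }   # groups do not resolve here
                New-Object PSObject -Property @{
                    Mailbox    = $mbx.Alias
                    Trustee    = $trustee
                    AutoMapped = [bool]($dn -and ($autoMapped -contains $dn))
                }
            }
    }
}

function Disable-AutoMapping {
    # Re-grant Full Access without auto-mapping: removing the permission clears the
    # back-link and the -AutoMapping:$false grant does not re-add it.
    param([Parameter(Mandatory = $true)][string]$Mailbox,
          [Parameter(Mandatory = $true)][string]$Trustee)
    Remove-MailboxPermission -Identity $Mailbox -User $Trustee -AccessRights FullAccess -Confirm:$false
    Add-MailboxPermission    -Identity $Mailbox -User $Trustee -AccessRights FullAccess -AutoMapping:$false
}

# Usage: Get-AutoMappedFullAccess | Where-Object { $_.AutoMapped } | Format-Table -AutoSize
```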
 
Hope you learnt something in this post.

Wednesday, April 10, 2013

Warning: Attribute userAccountControl of DC is: 0x82020

When running DCDiag at a customer site today, the following warning occurred.

Warning:  Attribute userAccountControl of DC is: 0x82020 = ( UF_PASSWD_NOTREQD | UF_SERVER_TRUST_ACCOUNT | UF_TRUSTED_FOR_DELEGATION )
Typical setting for a DC is 0x82000 = ( UF_SERVER_TRUST_ACCOUNT | UF_TRUSTED_FOR_DELEGATION )
This may be affecting replication?

This is a known bug: when a computer account is pre-created in ADUC and then promoted to a DC, the userAccountControl is set to 532512 instead of the default 532480.  You need to manually set the value to 532480 in ADSIEDIT.MSC.

UserAccountControl values for common object types:
  • Typical user: 0x200 (512)
  • Domain controller: 0x82000 (532480)
  • Workstation/server: 0x1000 (4096)

Change it to represent 0x82000.
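As an added example (not from the original post), the following decodes a userAccountControl value into its UF_* flags, lists every writable domain controller account whose value is not the expected 0x82000, and clears only the UF_PASSWD_NOTREQD bit on a chosen account. It uses [ADSISearcher] and [ADSI] so it runs from any domain member without the AD module; nothing is written unless -Commit is given.

```powershell
# Added example (not from the original post): decode userAccountControl and find writable
# DC accounts whose value deviates from 0x82000, e.g. carrying UF_PASSWD_NOTREQD (0x20).

$UacFlags = @{
    UF_ACCOUNTDISABLE                 = 0x2
    UF_PASSWD_NOTREQD                 = 0x20
    UF_NORMAL_ACCOUNT                 = 0x200
    UF_WORKSTATION_TRUST_ACCOUNT      = 0x1000
    UF_SERVER_TRUST_ACCOUNT           = 0x2000
    UF_DONT_EXPIRE_PASSWD             = 0x10000
    UF_TRUSTED_FOR_DELEGATION         = 0x80000
    UF_NOT_DELEGATED                  = 0x100000
    UF_TRUSTED_TO_AUTH_FOR_DELEGATION = 0x1000000
    UF_PARTIAL_SECRETS_ACCOUNT        = 0x4000000
}

function ConvertFrom-UserAccountControl {
    param([Parameter(Mandatory = $true)][int]$Value)
    # Names of every flag set in $Value; bits not in the table are reported as hex.
    $names = @(); $known = 0
    foreach ($name in $UacFlags.Keys) {
        $known = $known -bor $UacFlags[$name]
        if ($Value -band $UacFlags[$name]) { $names += $name }
    }
    $unknown = $Value -band (-bnot $known)
    if ($unknown) { $names += ("0x{0:X}" -f $unknown) }
    return $names
}

function Get-DcUacDeviations {
    $expected = 0x82000   # UF_SERVER_TRUST_ACCOUNT | UF_TRUSTED_FOR_DELEGATION
    # LDAP_MATCHING_RULE_BIT_AND: computers with UF_SERVER_TRUST_ACCOUNT (8192) are writable DCs.
    $searcher = [ADSISearcher]"(&(objectCategory=computer)(userAccountControl:1.2.840.113556.1.4.803:=8192))"
    foreach ($r in $searcher.FindAll()) {
        $uac   = [int]$r.Properties["useraccountcontrol"][0]
        $extra = $uac -band (-bnot $expected)     # bits present that a DC should not have
        New-Object PSObject -Property @{
            Name       = [string]$r.Properties["name"][0]
            DN         = [string]$r.Properties["distinguishedname"][0]
            UAC        = ("0x{0:X} ({1})" -f $uac, $uac)
            Flags      = ((ConvertFrom-UserAccountControl $uac) -join " | ")
            ExtraFlags = $(if ($extra) { (ConvertFrom-UserAccountControl $extra) -join " | " } else { "" })
            AsExpected = ($uac -eq $expected)
        }
    }
}

function Repair-DcPasswdNotReqd {
    # Clears only the UF_PASSWD_NOTREQD bit (0x82020 -> 0x82000); writes only with -Commit.
    param([Parameter(Mandatory = $true)][string]$DistinguishedName, [switch]$Commit)
    $de = [ADSI]("LDAP://" + $DistinguishedName)
    $current = [int]$de.userAccountControl.Value
    $fixed = $current -band (-bnot 0x20)
    if ($Commit -and $fixed -ne $current) {
        $de.Put("userAccountControl", $fixed)
        $de.SetInfo()
    }
    return $fixed
}

# Usage: Get-DcUacDeviations | Where-Object { -not $_.AsExpected } | Format-Table Name, UAC, ExtraFlags
```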

 

Monday, March 25, 2013

Exchange 2010 Outlook Anywhere Connection Randomly Drops Out

One of my customers experienced an issue where Outlook clients randomly lost their HTTPS connection to the Exchange server.  All Outlook clients at my customer connect to the Exchange server using HTTP/RPC rather than TCP (MAPI), both internally and externally.  Randomly, once a day, the Outlook HTTP connection would break and fall back to TCP (internally) or break completely for external users.

Running iisreset would fix the problem but the problem would always re-emerge.

To ensure that Outlook clients retain their connection with the Exchange server using HTTP and not TCP, both "On fast networks, connect using HTTP first" and "On slow networks, connect using HTTP first" must be selected.


ActiveSync and webmail continued to work OK and were not affected by this issue.

This issue was caused by the RPC web application using the Default Application Pool (DefaultAppPool), which is configured to recycle worker processes every 1740 minutes (29 hours).  During the recycling process, IIS allows active worker threads an additional 90 seconds to finish servicing requests before IIS terminates the active threads.

Because RPC over HTTP uses long-running connections, the connections may not finish within the additional 90 seconds given to the worker threads.  In this scenario the connections are terminated, and Outlook loses connectivity with IIS.  When this happens, Outlook immediately tries to reconnect.  If many Outlook clients are disconnected at the same time, the large number of concurrent reconnections may overwhelm the server.

To resolve this problem, create a new Application Pool dedicated to the RPC over HTTP web application with a larger HTTP.sys queue limit.  Please refer to the following TechNet article for instructions on how to perform this procedure:

http://technet.microsoft.com/en-us/library/dd421855.aspx
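As an added example (not from the original post, and not a substitute for the TechNet procedure above), the following shows which application pool currently serves the /Rpc application together with the recycle interval, shutdown time limit and queue length behind the drops, and then moves /Rpc to a dedicated pool. It assumes the IIS 7.5 WebAdministration module on the Client Access server; the pool name, queue length and recycle interval are assumed example values.

```powershell
# Added example (not from the original post): report the pool serving /Rpc and the
# settings behind the disconnects, then move /Rpc to its own pool. Assumes the IIS 7.5
# WebAdministration module; pool name, queue length and recycle interval are examples.
Import-Module WebAdministration

function Get-RpcAppPoolSettings {
    param([string]$Site = "Default Web Site")
    $poolName = (Get-WebApplication -Site $Site -Name "Rpc").applicationPool
    $pool = Get-Item "IIS:\AppPools\$poolName"
    New-Object PSObject -Property @{
        AppPool           = $poolName
        SharedWithDefault = ($poolName -eq "DefaultAppPool")
        # 1740 minutes (29 hours) is the IIS default and matches the once-a-day drop.
        PeriodicRestart   = $pool.recycling.periodicRestart.time
        # Seconds a recycling worker process gets to finish requests (default 90).
        ShutdownTimeLimit = $pool.processModel.shutdownTimeLimit
        QueueLength       = $pool.queueLength
        Identity          = $pool.processModel.identityType
    }
}

function Move-RpcToDedicatedAppPool {
    param([string]$Site = "Default Web Site",
          [string]$PoolName = "RpcProxyAppPool",   # assumed example name
          [int]$QueueLength = 10000,              # assumed example value
          [int]$RecycleMinutes = 0)               # 0 = no periodic recycle
    $currentPool = (Get-WebApplication -Site $Site -Name "Rpc").applicationPool
    if (-not (Test-Path "IIS:\AppPools\$PoolName")) { New-WebAppPool -Name $PoolName | Out-Null }
    $p = "IIS:\AppPools\$PoolName"
    # Keep the identity the RPC proxy already runs under rather than the new-pool default.
    $identity = (Get-Item "IIS:\AppPools\$currentPool").processModel.identityType
    Set-ItemProperty $p -Name processModel.identityType -Value $identity
    Set-ItemProperty $p -Name queueLength -Value $QueueLength
    Set-ItemProperty $p -Name recycling.periodicRestart.time -Value (New-TimeSpan -Minutes $RecycleMinutes)
    # Point the /Rpc application at the dedicated pool and return the resulting settings.
    Set-ItemProperty "IIS:\Sites\$Site\Rpc" -Name applicationPool -Value $PoolName
    Get-RpcAppPoolSettings -Site $Site
}

# Usage: Get-RpcAppPoolSettings | Format-List
```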

Sunday, March 24, 2013

An Insight into Stellar Phoenix Outlook PST Repair tool

In this article we are going to look at how to repair a corrupt PST file using the Outlook PST Repair tool created by Stellar Phoenix.

Before we dive into Outlook PST Repair, let's quickly cover Scanpst.exe.  Scanpst.exe is a free tool shipped with Microsoft Outlook 2003/2007/2010 which lets you repair corrupt PST files.

On my Office 2010 installation, ScanPST can be found in the following path:

C:\Program Files\Microsoft Office\Office14


Below is a screenshot of ScanPST.




Stellar Phoenix labs performed testing with ScanPST and discovered that the free PST repair tool is capable of repairing PST files with only minor structural errors.  ScanPST will not repair PST files with severe corruption or PST files where the indexing table is completely removed.

Stellar Phoenix claim that their tool Outlook PST Repair v4.5 can repair a corrupt PST file and bring it back to a consistent state regardless of how severe the corruption is.  I questioned this with Stellar Phoenix, as 100% of corruption is a big claim, however the company was confident to back it.  All content within the corrupt PST file which is still in a valid state can be recovered.  Data which has been lost due to corruption is gone; no tool will be able to recover this.

Outlook PST Repair v4.5 has been designed to look like Microsoft Outlook to provide users and administrators with a familiar user experience.  When a corrupt PST is loaded, all content which is still readable inside the corrupt PST file will be displayed.  Companies have the flexibility of recovering individual emails, attachments, sub folders or entire PST files.

Below is a screenshot of the Outlook PST Repair tool:


To begin using the tool, simply click Open an Outlook File to Repair.


Select the location of the PST file which is corrupt.  In my case I have a corrupt PST file called test.pst.








Hit the Start button and Outlook PST Repair will go through and scan for all recoverable content.


The tool displays all data which is now recoverable.  The user is able to browse mail items, calendars, contacts, tasks and notes: everything which can be displayed in Outlook can be displayed in the Outlook PST Repair tool.


The user is able to do the following things once a corrupt PST file has been loaded in Outlook PST Repair v4.5:

  • Export all content which is readable within the corrupt PST into a new PST file.
  • Export select content from a corrupt PST file by selecting what content they wish to export.
  • Extract attachments from emails
  • Export individual emails to MSG or EML format

Outlook PST Repair v4.5 comes in a demo version and a full version.  What is the difference between the demo version and the full version?

The demo version allows you to see all items which can be discovered, read email and look at calendar items however it does not allow you to extract any information out of the corrupt PST file including attachments, individual items or folders.

The full version allows you to browse a corrupt PST file and export content from a corrupt PST file to a new PST.

There are two licence versions for purchasing the full version of Outlook PST Repair 4.5.  Both licences are lifetime licences and come with free 24/5 technical support with the purchase.
  • Single User Licence ($129 USD).  Users receive a key which they use to activate the Outlook PST Repair tool.  Once activated the key will only ever work on the Windows instance in which Outlook PST Repair tool was activated.  In the event the user purchases a new computer or re-installs Windows, the user must contact support to transfer the licence.
  • Technician Licence ($299 USD).  The technician licence can be used unlimited times on different workstations.  However a USB key must be connected to the machine to activate the licence and perform the recovery.  Only one recovery can be performed at a time.  One technician licence must be purchased per office.  Stellar Phoenix ship the USB key to the customer upon purchase.
Note: All pricing is subject to change, to get the latest pricing please visit www.stellarinfo.com

Summary

The Outlook PST Repair 4.5 tool is a fantastic tool for fixing corrupt PST files.  If Scanpst.exe fails to recover a corrupt PST file or you need to perform granular recovery from a corrupt PST file I encourage you to give Stellar Phoenix Outlook PST Repair a shot.

For more information or to obtain a copy of Stellar Phoenix Outlook PST Repair please visit the following website:

http://www.stellaroutlooktools.com/scan/pst-repair.php

Thursday, March 21, 2013

How do I find out if an Email Address exists in Exchange

You want to determine if an Email address has been already configured on an Exchange server.  To do this you need to use the following cmdlet:

Get-Recipient

For Example:

Get-Recipient clint.boessen@avantgardetechnologies.com.au

You cannot use the Get-Mailbox cmdlet, as remember you can configure email addresses on more than just user accounts.  Email addresses can be configured on groups, contacts, even public folders.

Note: If you use Get-Mailbox with the -an switch it will only search the primary SMTP addresses.

Tuesday, March 19, 2013

Cisco - Port Two Public IP Addresses to the Same Internal Address

Today we required the ability to port forward two public IP addresses, both listening on TCP25, to the same internal IP address listening on TCP25.  By default a Cisco router will not let you do this.  However there is an extendable option which you can put on the end of your command to allow you to do this.
 
For example to allow TCP25 from both 3.3.3.3 and 3.3.3.4 to 10.1.1.40 on TCP25 we would do the following:
 
perth-router(config)#do show run | in ip nat
ip nat inside source static tcp 10.0.8.10 25 3.3.3.3 25 extendable
ip nat inside source static tcp 10.0.8.10 25 3.3.3.4 25 extendable

Hope this has been helpful. 

HTTP Attack Resulted in RBL Listing

Today one of my customers was listed on the SpamHaus XBL list.  The Spamhaus Exploits Block List (XBL) is a realtime database of IP addresses of hijacked PCs infected by illegal 3rd party exploits, including open proxies (HTTP, socks, AnalogX, wingate, etc), worms/viruses with built-in spam engines, and other types of trojan-horse exploits.

My customer had all client workstations access the Internet from the same public IP address as the one the Exchange 2010 server relayed email from.  Workstations did not connect to the Internet through a proxy, just standard network address translation (NAT).

My customer did block TCP25 outbound (SMTP traffic) from all hosts on the network except the internal IP address of their Exchange 2010 server.  Despite this my customer was still added to the XBL.SpamHaus.org blocklist and as a result had difficulties sending and receiving email with many companies, especially because SpamHaus is one of the more popular blocklists.

This was because a few workstations on their network were infected with the Pushdo trojan, which was performing denial of service (DoS) attacks against target web servers.

Below is the reason why we were RBLed extracted from the SpamHaus.org website:

To get around this problem we changed the outgoing IP address for email, ensured a PTR record exists for the new IP address, and updated the Sender Policy Framework (SPF) TXT record on the DNS zone.  Finally we updated the port forward on the router and the MX records to ensure all mail relay went through a dedicated mail relay IP address.

So what did we learn from this?
  • If possible, always use a dedicated public IP address for relaying mail
  • Use a proxy server for your users to surf the net and block HTTP/HTTPS and other ports if possible outbound to the Internet.
Regarding the Pushdo botnet, we got around to cleaning that up too, to ensure my customer's network was not used to DoS innocent web servers on the net.

Wednesday, March 13, 2013

The Windows Backup engine could not be contacted. Retry the operation.

Today when attempting to perform a System State backup on a Domain Controller I received the following error message:

The Windows Backup engine could not be contacted. Retry the operation.
The RPC server is unavailable.



I also noticed the following event errors appearing in Event Viewer.

Log Name:      Application
Source:        VSS
Date:          13/03/2013 10:48:41 AM
Event ID:      12292
Task Category: None
Level:         Error
Keywords:      Classic
User:          N/A
Computer:      DomainController
Description:
Volume Shadow Copy Service error: Error creating the Shadow Copy Provider COM class with CLSID {06d8e136-56f6-4048-93fb-a5943e949375} [0x80040154, Class not registered
].

Operation:
   Obtain a callable interface for this provider
   List interfaces for all providers supporting this context
   Get Shadow Copy Properties

Context:
   Provider ID: {5fdb6ef5-6ead-4610-995b-401c88626115}
   Class ID: {06d8e136-56f6-4048-93fb-a5943e949375}
   Snapshot Context: -1
   Snapshot Context: -1
   Execution Context: Coordinator



Log Name:      Application
Source:        Application Error
Date:          13/03/2013 10:48:50 AM
Event ID:      1000
Task Category: (100)
Level:         Error
Keywords:      Classic
User:          N/A
Computer:      DomainController
Description:
Faulting application name: wbengine.exe, version: 6.1.7601.17514, time stamp: 0x4ce79951
Faulting module name: ntdll.dll, version: 6.1.7601.17725, time stamp: 0x4ec4aa8e
Exception code: 0xc0000374
Fault offset: 0x00000000000c40f2
Faulting process id: 0x5888
Faulting application start time: 0x01ce1f9517234ddc
Faulting application path: C:\Windows\system32\wbengine.exe
Faulting module path: C:\Windows\SYSTEM32\ntdll.dll
Report Id: 880e1970-8b88-11e2-aefa-005056a2000b



The above event error 12292 provided us with the Provider ID: {5fdb6ef5-6ead-4610-995b-401c88626115}.  Looking in the registry under HKLM\System\CurrentControlSet\services\VSS\Providers\{5fdb6ef5-6ead-4610-995b-401c88626115}, it shows this provider as the Backup Exec VSS Provider.



For some reason WBAdmin is trying to use the Backup Exec VSS Provider instead of the Microsoft VSS Provider.

I added the registry DWORD UseMicrosoftProvider to HKLM\SYSTEM\CurrentControlSet\Control\BackupRestore with a value of "1" which is meant to force the backup to use the Microsoft provider.


This key had no effect, the backup still attempted to use the Symantec VSS Provider.  Next I used the following Symantec article 130940 to completely remove the Symantec backup exec agent from the server including removing registry keys.

http://www.symantec.com/business/support/index?page=content&id=TECH130940

After removing the Symantec backup exec agent I ran a test backup and the backup failed again with the same error.  Running a "vssadmin list providers" revealed that the Symantec VSS Provider was still in place despite following Symantec article 130940 which was meant to completely remove backup exec from a windows server.


Again we see the same GUID of the Symantec provider which was presented in the event error and the registry, {5fdb6ef5-6ead-4610-995b-401c88626115}.

I then followed Symantec article 77585 to completely remove the Backup Exec VSS Provider by deleting the {5fdb6ef5-6ead-4610-995b-401c88626115} key from the following location in the registry:

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\VSS\Providers\

http://www.symantec.com/business/support/index?page=content&id=TECH77585

After restarting the VSS service we see the Backup Exec VSS Provider is no longer available.
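As an added example (not from the original post), the following automates the check performed by hand above: it lists the providers registered under HKLM\SYSTEM\CurrentControlSet\Services\VSS\Providers, tests whether each provider's COM class still exists (a missing class is the 0x80040154 "Class not registered" condition from event 12292), parses "vssadmin list providers" for comparison, and offers an opt-in removal of an orphaned entry. It assumes PowerShell 2.0 or later running elevated.

```powershell
# Added example (not from the original post): registry vs. COM vs. vssadmin view of the
# VSS providers, to spot an orphaned entry such as a leftover Backup Exec provider.

function Get-VssProviderHealth {
    $base = "HKLM:\SYSTEM\CurrentControlSet\Services\VSS\Providers"
    foreach ($key in Get-ChildItem $base) {
        $providerId = $key.PSChildName                        # {GUID} as seen in event 12292
        $name = (Get-ItemProperty $key.PSPath).'(default)'    # display name of the provider
        $clsid = $null
        $clsidKey = Join-Path $key.PSPath "CLSID"
        if (Test-Path $clsidKey) { $clsid = (Get-ItemProperty $clsidKey).'(default)' }
        # The class must be registered (64- or 32-bit) or VSS fails with 0x80040154.
        $comRegistered = $false
        if ($clsid) {
            $comRegistered = (Test-Path "Registry::HKEY_CLASSES_ROOT\CLSID\$clsid") -or
                             (Test-Path "HKLM:\SOFTWARE\Classes\Wow6432Node\CLSID\$clsid")
        }
        New-Object PSObject -Property @{
            ProviderId    = $providerId
            Name          = $name
            Clsid         = $clsid
            ComRegistered = $comRegistered
            Status        = $(if ($comRegistered) { "OK" } else { "ORPHANED (class not registered)" })
        }
    }
}

function Get-VssAdminProviders {
    # Parse "vssadmin list providers" into (Name, ProviderId) pairs for comparison.
    $name = $null
    foreach ($line in (& vssadmin.exe list providers)) {
        if ($line -match "^\s*Provider name:\s*'(.+)'") { $name = $matches[1] }
        elseif ($line -match "^\s*Provider Id:\s*(\{[0-9A-Fa-f-]+\})" -and $name) {
            New-Object PSObject -Property @{ Name = $name; ProviderId = $matches[1] }
            $name = $null
        }
    }
}

function Remove-OrphanedVssProvider {
    # Deletes the registry entry of a provider whose COM class is gone (what the post did
    # by hand). Refuses to touch a provider that is still registered; no-op without -Commit.
    param([Parameter(Mandatory = $true)][string]$ProviderId, [switch]$Commit)
    $p = "HKLM:\SYSTEM\CurrentControlSet\Services\VSS\Providers\$ProviderId"
    $health = Get-VssProviderHealth | Where-Object { $_.ProviderId -eq $ProviderId }
    if (-not $health) { throw "Provider $ProviderId not found" }
    if ($health.ComRegistered) { throw "Provider $ProviderId is still registered; not removing" }
    if ($Commit) {
        Stop-Service VSS -Force          # so the coordinator re-reads the provider list
        Remove-Item $p -Recurse
        Start-Service VSS
    }
    return $p
}

# Usage: Get-VssProviderHealth | Format-Table Name, ProviderId, ComRegistered -AutoSize
```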


I then rebooted the server.  After a reboot I attempted another backup with wbadmin.  We got further this time but it still crashed out.


Some new event logs exist now:

Log Name:      Application
Source:        Application Error
Date:          13/03/2013 2:47:07 PM
Event ID:      1000
Task Category: (100)
Level:         Error
Keywords:      Classic
User:          N/A
Computer:      DomainController
Description:
Faulting application name: wbengine.exe, version: 6.1.7601.17514, time stamp: 0x4ce79951
Faulting module name: ntdll.dll, version: 6.1.7601.17725, time stamp: 0x4ec4aa8e
Exception code: 0xc0000374
Fault offset: 0x00000000000c40f2



Log Name:      Application
Source:        VSS
Date:          13/03/2013 2:47:11 PM
Event ID:      8193
Task Category: None
Level:         Error
Keywords:      Classic
User:          N/A
Computer:      DomainController

Description:
Volume Shadow Copy Service error: Unexpected error calling routine RegOpenKeyExW(-2147483646,SYSTEM\CurrentControlSet\Services\VSS\Diag,...).  hr = 0x80070005, Access is denied.
.

Operation:
   Initializing Writer

Context:
   Writer Class Id: {35e81631-13e1-48db-97fc-d5bc721bb18a}
   Writer Name: NPS VSS Writer
   Writer Instance ID: {37bef355-a711-4241-a2bc-91f1181c845b}


 
VSS Event ID 8193 says that the VSS provider was denied access when opening a registry key under the security context of SYSTEM
 
SYSTEM\CurrentControlSet\Services\VSS\Diag,...). 
 
Damn, it cut off!  We could use Sysinternals ProcMon to get the full path, however let's just force Full access for the SYSTEM account from the Diag key downwards.
 
 
After making this change I then tested another wbadmin backup.  It made no difference. :-(
 
I searched the entire registry for the GUID of the Backup Exec VSS Provider to ensure nothing was missed.  My search found nothing.  Whilst I have isolated the problem to the VSS Provider provided by Symantec, a change made by the Symantec Backup Exec agent remains and as a result wbadmin will not function.

If there is someone out there who has fixed this issue can you please comment below with your resolution to ensure others with this issue have a fix as this is not documented anywhere on the Internet.

Tuesday, March 12, 2013

The backup storage location is invalid. You cannot use a volume that is included in the backup as a storage location.

I was about to do a large number of Active Directory changes on a domain controller and needed to grab a system state backup before proceeding.  I took a system state backup using the wbadmin utility on a 2008 R2 SP1 domain controller by using the following command from a command prompt:

wbadmin start systemstatebackup -backupTarget:c:

When running the command I received the following error message:

The backup storage location is invalid. You cannot use a volume that is included in the backup as a storage location.


The resolution for this problem was adding a new key and DWORD value to the system registry.  Create the following under:

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wbengine
Create a key called "SystemStateBackup"
Set the value of this entry as follows:
Name: AllowSSBToAnyVolume
Data type: DWORD
Value data: 1


After creating the registry key the system state backup now completed successfully. 

The FTP site cannot be started. Another FTP site may be using the same port.

I found what appears to be a bug today with Microsoft FTP on IIS 7.5 running on Windows Server 2008 R2 where I would get a false error message.

"The FTP site cannot be started.  Another FTP site may be using the same port."


This occurs when right clicking the FTP site and trying to start it.


Now I know that I do not have any services listening on TCP21 on my server.  A netstat shows this.


I did however have a test service running on TCP21 for a small period of time to verify the firewall portforwarding rules are setup correctly.

When attempting to start an FTP site on IIS 7.5, it does not check at that moment whether TCP21 is free; it checked at some earlier stage.  To get it to recheck properly you need to restart the "Microsoft FTP Service".


Ahh now all is good... this bug had me scratching my head for a second!

Tuesday, March 5, 2013

NSClient++ Clients Report Arguments not Enabled

I am currently in the process of deploying the open source Nagios monitoring platform for a customer to provide them the ability to monitor their Windows machines, network infrastructure and virtual environment.

There are a couple of Nagios agents for Windows out there, such as NSClient++, NC_Net and WINRPE, which all do a great job of extracting Event Logs, Disk Utilization, Process Status, Service Status, Scheduled Tasks, Windows Update Status, Anti Virus protection and much more.

In my deployment I chose to implement the NSClient++ on my Windows Server infrastructure.  The copy of NSClient++ I'm using is NSCP-0.4.1.90-x64.msi which I downloaded from the downloads page:


When installing the application I chose to enable both Check_NT and Check_NRPE.

Check_NT is the legacy method for monitoring Windows hosts which only provides basic reporting functionality.

Check_NRPE is the more advanced reporting functionality which provides endless functionality including the ability to execute bat, vbs and powershell scripts on hosts monitored.

After NSClient++ was installed on my servers I tested it using the following command from my Nagios server:

[root@Nagios objects]# /usr/lib/nagios/plugins/check_nrpe -H 10.1.1.40
I (0,4,1,90 2013-02-04) seem to be doing fine...


Great all is well.

Now I went to shoot a test command to check my drive size on C:\ however when running this command I got the following error:

Exception processing request: Request contained arguments (not currently allowed, check the allow arguments option).


To resolve this problem I needed to allow arguments in the nsclient.ini file on my Windows workstation by adding the following configuration:

[/settings/NRPE/server]
allow arguments=1

I added this configuration just below the allowed_hosts section of the default nsclient.ini file as shown in the following screenshot:


After making this change and restarting the NSClient++ Service all was well, I was able to successfully run Check_NRPE commands against my Nagios server.
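The allow arguments switch is the one that matters for security: once it is on, any host in allowed hosts can choose the parameters of the checks the agent runs, so it should go together with a tight host list and the metacharacter filter left on. The fragment below is an added example, not the post's nsclient.ini; 10.1.1.10 is a placeholder for the Nagios server, and allow nasty characters is a separate NSClient++ option the post does not mention.

```ini
; Added example (not from the original post). 10.1.1.10 is a placeholder for the Nagios host.
[/settings/default]
; Only the Nagios server may talk to the agent; never leave this empty or open to everyone.
allowed hosts = 10.1.1.10

[/settings/NRPE/server]
; Required for check_nrpe -a ... (the "Request contained arguments" error in the post),
; but it lets every allowed host pick check parameters, so keep allowed hosts tight.
allow arguments = 1
; Keep shell metacharacters (| & ; < > etc.) rejected inside arguments.
allow nasty characters = 0
```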


Hope this blog post helps someone.

Sunday, February 24, 2013

An insight into Exchange 2013 Safety Net

Safety Net is the new version of Transport Dumpster, which was first introduced in Exchange 2007 and continued in Exchange 2010.  I wrote about Transport Dumpster back in May 2011, please refer to the following blog post URL:

http://clintboessen.blogspot.com/2011/05/continuous-replication-block-mode-vs.html

However, let's do a quick recap...

Transport Dumpster resides on all Hub Transport roles in both Exchange 2007 and 2010.  All messages which get delivered to users' mailboxes are routed through a hub transport server and stored in Transport Dumpster.  In the event an email is sent from one user to another user on the same mailbox server, the mailbox server routes the email to a hub transport server and back again through MAPI.  This ensures that things such as journaling rules, transport rules and any other transport agents take effect, the message is filtered for malware/viruses (if configured), the message is trackable using message tracking logs, and the message is copied into Transport Dumpster for a small period of time.

The following diagram shows what happens when Joe sent an email to Bob on the same mailbox server, the message goes to a hub transport server in the same AD site then back again to the mailbox server.



In Exchange 2010 the Transport Dumpster is controlled using the Set-TransportConfig cmdlet and is configured to 15MB per database by default.  This means that for every mailbox database the transport dumpster will always hold the last 15MB of email delivered to the mailbox server.

What is the point?

In a database availability group (DAG) environment your active copy ships transaction logs to your passive copies.  What happens if suddenly your active mailbox server was to fail?  The passive copy may not have received the last transaction log, and this will result in mail loss (assuming file mode replication is used).  After a mailbox database failover in a DAG environment, the new active copy will check for any non-replicated emails in the transport dumpster.  In the event it requires additional email, it will retrieve the missing content from the dumpster.

Exchange 2013 Safety Net

Now that we have done a quick recap of the Exchange Transport Dumpster which existed in Exchange 2010/2007 for DAG/CCR environments, let's look at what's new in Exchange 2013 Safety Net.

Unlike Transport Dumpster, with Safety Net you cannot configure how many MB of messages to store, only how long you want to store messages, with the default being 2 days.  This is because setting a limit on the amount of data can result in data loss during a failover if a large amount of data had not replicated to the passive database copy.  Microsoft wanted to design Safety Net as a lossless solution, hence this design change.

Message resubmissions from Safety Net are initiated by the Active Manager component of the Microsoft Exchange Replication service that manages DAGs and mailbox database copies. No manual actions are required to resubmit messages from Safety Net.

Safety Net is a queue that's associated with the Transport service on a Mailbox server.  This queue stores copies of messages that were successfully processed by the server.  Safety Net uses the mail.que database, the same database which is used to store messages in queue.  As by default Safety Net will keep the last 2 days worth of email in this queue, expect the mail.que database to be larger than in previous versions of Exchange.

The mail.que database file uses the Extensible Storage Engine (ESE), the same database technology which is used by the mailbox databases themselves.

Another improvement with Exchange 2013 Safety Net over Transport Dumpster is redundancy.  Safety Net itself is now redundant, and is no longer a single point of failure. This introduces the concept of the Primary Safety Net and the Shadow Safety Net. If the Primary Safety Net is unavailable for more than 12 hours, resubmit requests become shadow resubmit requests, and messages are re-delivered from the Shadow Safety Net.

With Safety Net being redundant, you can now feel confident in configuring the database mount dial setting to a more relaxed setting than Lossless, and still be confident that email will not be lost during failover.

Monday, February 18, 2013

msDS- Attributes in Active Directory

This is a short post to explain what msDS- attributes are in Active Directory.  As an administrator responsible for maintaining your company's Active Directory environment, at some stage you have probably seen a bunch of msDS- attributes linked to class objects such as user accounts.

What are msDS- attributes and how are they different to other attributes?

msDS- attributes are designed to hold data for Microsoft applications.  As a best practice, Microsoft recommends administrators never modify msDS- attributes, as doing so can cause issues with applications.

For any attribute beginning with msDS-, reference it but do not modify it unless the change is made through the application, to avoid issues in your environment.

Tuesday, February 12, 2013

Group Policy Scripts in Windows Server 2008/2008R2/2012

With the release of the Group Policy Management Console (GPMC) on Server 2003, Group Policy shipped with many sample scripts which were very handy when working with Group Policy.  These scripts included:

BackupAllGPOs.wsf
BackupGPO.wsf
CopyGPO.wsf
CreateEnvironmentFromXML.wsf
CreateGPO.wsf
CreateMigrationTable.wsf
CreateXMLFromEnvironment.wsf
DeleteGPO.wsf
DumpGPOInfo.wsf
DumpSOMInfo.wsf
FindDisabledGPOs.wsf
FindDuplicateNamedGPOs.wsf
FindGPOsByPolicyExtension.wsf
FindGPOsBySecurityGroup.wsf
FindGPOsWithNoSecurityFiltering.wsf
FindOrphanedGPOsInSYSVOL.wsf
FindSOMsWithExternalGPOLinks.wsf
FindUnlinkedGPOs.wsf
GetReportsForAllGPOs.wsf
GetReportsForGPO.wsf
GrantPermissionOnAllGPOs.wsf
ImportAllGPOs.wsf
ImportGPO.wsf
Lib_CommonGPMCFunctions.js
ListAllGPOs.wsf
ListSOMPolicyTree.wsf
QueryBackupLocation.wsf
RestoreAllGPOs.wsf
RestoreGPO.wsf
SampleEnvironment.xml
SampleMigrationTable.migtable
ScriptingReadme.rtf
SetGPOCreationPermissions.wsf
SetGPOPermissions.wsf
SetGPOPermissionsBySOM.wsf
SetSOMPermissions.wsf

These scripts are no longer packaged with the Group Policy Management Console in Server 2008/2008 R2 or Server 2012.  Microsoft has, however, released these scripts for download to be used with any of the later versions of the Windows operating system.  To download these scripts please view the following TechNet website:

http://www.microsoft.com/en-us/download/details.aspx?id=14536

Thursday, February 7, 2013

Converting Basic Disk to Dynamic Disk Stripped SMB Shares

We experienced a very interesting problem on a Windows Server 2003 file server in which all SMB shares were removed from the file server upon reboot.  We were in the process of moving a data volume from a Raw Device Mapping (RDM) to a VMDK virtual disk file in VMware.  To achieve this we were going to perform the following tasks within the virtual machine:
  1. Present a new VMDK to the Virtual Machine
  2. Convert the NTFS Volume from Basic to Dynamic
  3. Create a Software RAID1 Mirror between the RDM and VMDK volumes
  4. Allow for Windows Software Raid to replicate the data
  5. Remove the RAID1 Mirror for the RDM volume.
Upon converting the basic volume to a dynamic volume, Windows Server 2003 asked to reboot the server.  Upon reboot, all SMB shares on the file server automatically removed themselves.  There were hundreds of shares and as a result users could not get access to resources.

To recover the shares we simply restored the system registry, which can be achieved by performing a system state restore.  Windows stores all SMB shares under the following location in the registry:

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\LanmanServer\Shares

We found the following Symantec article very helpful during this procedure:

http://www.symantec.com/business/support/index?page=content&id=TECH159845

Friday, February 1, 2013

Your computer can't connect to the remote computer because an error occurred on the remote computer that you want to connect to

I experienced an issue at a customer site with a new Remote Desktop Services deployment on Windows Server 2008 R2 when building a server farm.
 
When Windows 7 PCs accessed a RemoteApp or attempted to create a remote desktop session using the Microsoft Terminal Services Client (MSTSC.exe), they were able to connect to the farm without problems.
 
When a Windows XP PC accessed the remote desktop farm, the following error was experienced:
 
"Your computer can't connect to the remote computer because an error occurred on the remote computer that you want to connect to.  Contact your network administrator for assistance."
 

After researching the issue it turned out that the RD Session Hosts needed to be configured to use RDP Security Layer as the Security Layer.  The issue started occurring after a custom trusted certificate was installed on the RDP-Tcp connection to ensure users connecting to the session hosts do not receive RDP certificate not trusted warnings.

These configuration options can be found under "Remote Desktop Session Host Configuration".

 
By default the Security layer was set to Negotiate.
 
Set all servers in your farm to RDP Security Layer to ensure both XP and Windows 7 clients can connect.  Note that RDP Security Layer uses native RDP encryption rather than TLS, so the installed certificate no longer authenticates the session host to connecting clients and Network Level Authentication cannot be used.

Wednesday, January 30, 2013

WSUS Not Working

I had an issue at a customer today where a new WSUS server was not patching clients.  I went through the WSUS configuration and all was correct.

Problem Symptoms

The symptoms of this problem are as follows:

Windows 7/2008 clients received the following message when attempting to receive updates from the WSUS server.

Windows could not check for updates automatically. (Important)

 
These workstations report in WSUS with a Last Status Report of Not yet reported.
 
 
On member servers and workstations experiencing the update issue, the following was observed in the WindowsUpdate.log file found under %WINDIR%\WindowsUpdate.log

WARNING: Search callback failed, result = 0x80072EFD
WARNING: Failed to find updates with error code 80072EFD

Here is the full Log:
2013-01-30 15:21:29:317  772 a54 Agent *************
2013-01-30 15:21:29:317  772 a54 Agent ** START **  Agent: Finding updates [CallerId = AutomaticUpdates]
2013-01-30 15:21:29:317  772 a54 Agent *********
2013-01-30 15:21:29:317  772 a54 Agent   * Online = Yes; Ignore download priority = No
2013-01-30 15:21:29:317  772 a54 Agent   * Criteria = "IsInstalled=0 and DeploymentAction='Installation' or IsPresent=1 and DeploymentAction='Uninstallation' or IsInstalled=1 and DeploymentAction='Installation' and RebootRequired=1 or IsInstalled=0 and DeploymentAction='Uninstallation' and RebootRequired=1"
2013-01-30 15:21:29:317  772 a54 Agent   * ServiceID = {3DA21691-E39D-4DA6-8A4B-B43877BCB1B7} Managed
2013-01-30 15:21:29:317  772 a54 Agent   * Search Scope = {Machine}
2013-01-30 15:21:29:491  772 a54 Setup Checking for agent SelfUpdate
2013-01-30 15:21:29:539  772 a54 Setup Client version: Core: 7.6.7600.256  Aux: 7.6.7600.256
2013-01-30 15:21:31:552  772 a54 Misc WARNING: Send failed with hr = 80072efd.
2013-01-30 15:21:31:557  772 a54 Misc WARNING: SendRequest failed with hr = 80072efd. Proxy List used: <(null)> Bypass List used : <(null)> Auth Schemes used : <>
2013-01-30 15:21:31:557  772 a54 Misc WARNING: WinHttp: SendRequestUsingProxy failed for <http://ang-pth-upd1/selfupdate/wuident.cab>. error 0x80072efd
2013-01-30 15:21:31:557  772 a54 Misc WARNING: WinHttp: SendRequestToServerForFileInformation MakeRequest failed. error 0x80072efd
2013-01-30 15:21:31:557  772 a54 Misc WARNING: WinHttp: SendRequestToServerForFileInformation failed with 0x80072efd
2013-01-30 15:21:31:557  772 a54 Misc WARNING: WinHttp: ShouldFileBeDownloaded failed with 0x80072efd
2013-01-30 15:21:49:646  772 a54 Misc WARNING: Send failed with hr = 80072efd.
2013-01-30 15:21:49:646  772 a54 Misc WARNING: SendRequest failed with hr = 80072efd. Proxy List used: <(null)> Bypass List used : <(null)> Auth Schemes used : <>
2013-01-30 15:21:49:646  772 a54 Misc WARNING: WinHttp: SendRequestUsingProxy failed for <http://ang-pth-upd1/selfupdate/wuident.cab>. error 0x80072efd
2013-01-30 15:21:49:646  772 a54 Misc WARNING: WinHttp: SendRequestToServerForFileInformation MakeRequest failed. error 0x80072efd
2013-01-30 15:21:49:646  772 a54 Misc WARNING: WinHttp: SendRequestToServerForFileInformation failed with 0x80072efd
2013-01-30 15:21:49:646  772 a54 Misc WARNING: WinHttp: ShouldFileBeDownloaded failed with 0x80072efd
2013-01-30 15:21:53:899  772 a54 Misc WARNING: Send failed with hr = 80072efd.
2013-01-30 15:21:53:899  772 a54 Misc WARNING: SendRequest failed with hr = 80072efd. Proxy List used: <(null)> Bypass List used : <(null)> Auth Schemes used : <>
2013-01-30 15:21:53:899  772 a54 Misc WARNING: WinHttp: SendRequestUsingProxy failed for <http://ang-pth-upd1/selfupdate/wuident.cab>. error 0x80072efd
2013-01-30 15:21:53:899  772 a54 Misc WARNING: WinHttp: SendRequestToServerForFileInformation MakeRequest failed. error 0x80072efd
2013-01-30 15:21:53:899  772 a54 Misc WARNING: WinHttp: SendRequestToServerForFileInformation failed with 0x80072efd
2013-01-30 15:21:53:899  772 a54 Misc WARNING: WinHttp: ShouldFileBeDownloaded failed with 0x80072efd
2013-01-30 15:21:58:153  772 a54 Misc WARNING: Send failed with hr = 80072efd.
2013-01-30 15:21:58:153  772 a54 Misc WARNING: SendRequest failed with hr = 80072efd. Proxy List used: <(null)> Bypass List used : <(null)> Auth Schemes used : <>
2013-01-30 15:21:58:153  772 a54 Misc WARNING: WinHttp: SendRequestUsingProxy failed for <http://ang-pth-upd1/selfupdate/wuident.cab>. error 0x80072efd
2013-01-30 15:21:58:153  772 a54 Misc WARNING: WinHttp: SendRequestToServerForFileInformation MakeRequest failed. error 0x80072efd
2013-01-30 15:21:58:153  772 a54 Misc WARNING: WinHttp: SendRequestToServerForFileInformation failed with 0x80072efd
2013-01-30 15:21:58:153  772 a54 Misc WARNING: WinHttp: ShouldFileBeDownloaded failed with 0x80072efd
2013-01-30 15:21:58:153  772 a54 Misc WARNING: DownloadFileInternal failed for http://ang-pth-upd1/selfupdate/wuident.cab: error 0x80072efd
2013-01-30 15:21:58:153  772 a54 Setup WARNING: SelfUpdate check failed to download package information, error = 0x80072EFD
2013-01-30 15:21:58:153  772 a54 Setup FATAL: SelfUpdate check failed, err = 0x80072EFD
2013-01-30 15:21:58:153  772 a54 Agent   * WARNING: Skipping scan, self-update check returned 0x80072EFD
2013-01-30 15:21:58:213  772 a54 Agent   * WARNING: Exit code = 0x80072EFD
2013-01-30 15:21:58:213  772 a54 Agent *********
2013-01-30 15:21:58:213  772 a54 Agent **  END  **  Agent: Finding updates [CallerId = AutomaticUpdates]
2013-01-30 15:21:58:213  772 a54 Agent *************
2013-01-30 15:21:58:213  772 a54 Agent WARNING: WU client failed Searching for update with error 0x80072efd
2013-01-30 15:21:58:213  772 a0c AU >>##  RESUMED  ## AU: Search for updates [CallId = {44F20E45-61DE-4968-9DE7-32BD9B0ACFB0}]
2013-01-30 15:21:58:213  772 a0c AU   # WARNING: Search callback failed, result = 0x80072EFD
2013-01-30 15:21:58:213  772 a0c AU   # WARNING: Failed to find updates with error code 80072EFD
2013-01-30 15:21:58:213  772 a0c AU #########
2013-01-30 15:21:58:213  772 a0c AU ##  END  ##  AU: Search for updates [CallId = {44F20E45-61DE-4968-9DE7-32BD9B0ACFB0}]
2013-01-30 15:21:58:213  772 a0c AU #############
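As an added example (not part of the original post), a small Python parser for the WindowsUpdate.log format quoted above: it pulls the HRESULT and target URL out of each WARNING/FATAL record and summarises them, so a batch of client logs can be triaged without reading every line. The sample lines are a subset of the log above; the HRESULT description table holds only the code this post hits.

```python
"""Triage helper for WindowsUpdate.log (added example, not from the original post).
Parses the "date time PID TID component message" records shown above, extracts
the HRESULT and target URL from each WARNING/FATAL entry, and rolls them up.
"""
import re
from collections import Counter
from dataclasses import dataclass
from typing import Iterable, Optional

# One record looks like: 2013-01-30 15:21:31:552  772 a54 Misc WARNING: Send failed ...
LINE_RE = re.compile(
    r"^(?P<date>\d{4}-\d{2}-\d{2}) (?P<time>\d{2}:\d{2}:\d{2}:\d{3})\s+"
    r"(?P<pid>\d+) (?P<tid>[0-9a-fA-F]+) (?P<component>\w+)\s+(?P<msg>.*)$"
)
# HRESULTs appear as "0x80072EFD", "hr = 80072efd" or "error code 80072EFD".
HRESULT_RE = re.compile(r"\b(?:0x)?([0-9A-Fa-f]{8})\b")
URL_RE = re.compile(r"<?(https?://[^\s>]+)>?")

# Only the code this post hits; extend with the codes your own logs produce.
KNOWN_HRESULTS = {
    "80072EFD": "ERROR_WINHTTP_CANNOT_CONNECT: no TCP connection to the WSUS server",
}

@dataclass
class WuEvent:
    timestamp: str
    component: str
    level: str              # "WARNING" or "FATAL"
    hresult: Optional[str]  # eight hex digits, upper-cased, or None
    url: Optional[str]
    message: str

def parse_line(line: str) -> Optional[WuEvent]:
    """Return a WuEvent for WARNING/FATAL records, None for anything else."""
    m = LINE_RE.match(line.rstrip())
    if not m:
        return None
    msg = m["msg"]
    if "FATAL:" in msg:
        level = "FATAL"
    elif "WARNING:" in msg:
        level = "WARNING"
    else:
        return None
    hr = HRESULT_RE.search(msg)
    url = URL_RE.search(msg)
    return WuEvent(
        timestamp=f"{m['date']} {m['time']}",
        component=m["component"],
        level=level,
        hresult=hr.group(1).upper() if hr else None,
        url=url.group(1) if url else None,
        message=msg,
    )

def summarize(lines: Iterable[str]) -> dict:
    """Count HRESULTs and URLs across all failure records and name the known codes."""
    events = [e for e in map(parse_line, lines) if e is not None]
    codes = Counter(e.hresult for e in events if e.hresult)
    urls = Counter(e.url for e in events if e.url)
    return {
        "events": len(events),
        "hresults": dict(codes),
        "urls": dict(urls),
        "fatal": [e.message for e in events if e.level == "FATAL"],
        "diagnosis": {c: KNOWN_HRESULTS.get(c, "unknown HRESULT") for c in codes},
    }

# Constructed sample: a subset of the log lines quoted in this post.
SAMPLE_LOG = """\
2013-01-30 15:21:29:539  772 a54 Setup Client version: Core: 7.6.7600.256  Aux: 7.6.7600.256
2013-01-30 15:21:31:552  772 a54 Misc WARNING: Send failed with hr = 80072efd.
2013-01-30 15:21:31:557  772 a54 Misc WARNING: WinHttp: SendRequestUsingProxy failed for <http://ang-pth-upd1/selfupdate/wuident.cab>. error 0x80072efd
2013-01-30 15:21:58:153  772 a54 Setup WARNING: SelfUpdate check failed to download package information, error = 0x80072EFD
2013-01-30 15:21:58:153  772 a54 Setup FATAL: SelfUpdate check failed, err = 0x80072EFD
2013-01-30 15:21:58:213  772 a0c AU   # WARNING: Failed to find updates with error code 80072EFD
2013-01-30 15:21:58:213  772 a0c AU ##  END  ##  AU: Search for updates [CallId = {44F20E45-61DE-4968-9DE7-32BD9B0ACFB0}]
"""

if __name__ == "__main__":
    for key, value in summarize(SAMPLE_LOG.splitlines()).items():
        print(f"{key}: {value}")
```

Point it at a real log with `summarize(open(path, encoding="utf-8", errors="replace"))`; a single URL with every HRESULT being 80072EFD, as here, points at connectivity to the WSUS server rather than at the update catalog.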

Resolution

The resolution to these problems in my case was upgrading my WSUS 3.0 server to Service Pack 2 by applying KB2720211.  This can be found under the following URL:

http://support.microsoft.com/kb/2720211

I then wanted all computers in my domain to attempt to detect new updates using wuauclt.exe /detectnow, to ensure the WSUS console populated correctly and all machines started downloading new updates.  To do this I produced a list of all computers in the domain using the DSQUERY tool.

DSQUERY COMPUTER "DC=mydomain,DC=com" -o rdn -limit 1000 > c:\machines.txt

I then used Excel to construct the following psexec statements en masse, wrapping the "psexec \\" and " wuauclt.exe /detectnow" strings around each computer name.

psexec \\COMPUTER1 wuauclt.exe /detectnow
psexec \\COMPUTER2 wuauclt.exe /detectnow
psexec \\COMPUTER3 wuauclt.exe /detectnow

I copied this content from Excel to a batch script.

I then downloaded psexec from the following sysinternals website on TechNet:

http://technet.microsoft.com/en-au/sysinternals/bb897553.aspx

I ran the batch script, forcing every computer in my domain to detect updates instead of having to wait for them to do it automatically.

Friday, January 18, 2013

Group Policy Software Installation Not Working

Today a customer had a few Windows 7 workstations which were not receiving software pushed through Group Policy.  RSOP.msc and gpresult had confirmed that the Group Policy Object instructing the software installation was successfully applied to the workstation.  Despite Group Policy applying, the assigned application would not install.

I then found out that the following events had occurred:
  1. The application had installed through Group Policy in the past.
  2. An Administrator uninstalled the application through Add/Remove Programs in Control Panel
  3. The administrator ran gpupdate /force assuming the application would re-install automatically.
This is normal behavior: if an Administrator manually removes an assigned application, it will not automatically redeploy upon computer reboot.  This is because the Software Installation engine which runs on the workstation does not know the assigned application has been removed, hence it does not attempt to reinstall it.

How do you force the application to be re-installed?

All applications which are assigned through Group Policy get added to the computer's registry under:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Group Policy\AppMgmt

The applications will appear under this key as a bunch of GUIDs.


If you select one of the GUIDs it will have a string value called GPO Name which displays the name of the Group Policy Object.

Delete the GUID of the application which is not deploying.

Run a GPUpdate /Force

Reboot the workstation.

The application will now install.

Tuesday, January 15, 2013

Exchange 2003 and Windows Server 2012 Domain Controller

A customer asked me today if they can upgrade their domain controllers to Windows Server 2012 whilst running Exchange Server 2003.

Exchange 2003 does not support Windows Server 2012 Domain Controllers.

This not only includes the 2012 Forest Functional Level (FFL) and 2012 Domain Functional Level (DFL) but the Windows Server 2012 DCs themselves.  If you have a Windows Server 2012 Domain Controller running at 2003 FFL/DFL, this is still not supported.

There is no support planned for Windows Server 2012 Domain Controllers with Exchange 2003.

Windows 8 Won't Shut Down

One of my friends purchased a Windows 8 computer and complained to me that no matter what they do the machine will not shut down through the Start Portal, Task Manager or even using the shutdown command from a command prompt such as:

shutdown.exe -s -f

After some research it turns out that the issue was caused by the new Windows 8 dynamic tick feature.  This feature is aimed at helping you increase your device's battery life by varying the speed of your device's processor based on its workload.  For some reason this feature on this computer prevented shutdown altogether.

The fix was to use BCDEdit to disable the dynamic tick feature using the following command from an elevated command prompt.

bcdedit /set disabledynamictick yes

During my research I also saw complaints about the dynamic tick feature causing Windows 8 to crash and freeze with older processors and older mainboards.  For more information about these problems other people have had please refer to the following blog post:

http://www.oscarcao.com/blog/2012/08/21/fix-for-windows-8-hanging-and-freezing

Thursday, January 10, 2013

Dell Wireless Driver

I had a bit of a drama finding a driver for the following hardware IDs today on a customer's laptop.

PCI\VEN_168C&DEV_002B&SUBSYS_02051028&REV_01
PCI\VEN_168C&DEV_002B&SUBSYS_02051028
PCI\VEN_168C&DEV_002B&CC_028000
PCI\VEN_168C&DEV_002B&CC_0280
It turned out to be a Dell Wireless 1702 802.11b/g/n adapter, whose driver can be found under R301705.exe.  Download this driver from the following website:

http://www.dell.com/support/drivers/au/en/aubsd1/DriverDetails?driverId=R301705

Hope this post has been helpful.

Wednesday, January 9, 2013

Citrix Gateway 3.0 - The server certificate specified is unusable

Today I attempted to replace a certificate on a Citrix Gateway.  When replacing the certificate in the Secure Gateway Configuration Wizard I received the following error message:

"The server certificate specified is unusable"


Citrix has the following knowledge base article on this problem, however it did not resolve my issue.  This knowledge base article can be found under the following address.


I created the certificate on a Windows 2008 server using MMC console using a procedure similar to the following:


I exported the certificate with private key and imported it onto my Citrix Gateway server running Windows 2003 server.

After some further investigation it turns out that Citrix Gateway does not support certificates which were exported from one server then imported.  The Certificate signing request MUST be created on the Citrix Gateway server otherwise Citrix will complain about the certificate.  After recreating the certificate on the Citrix Gateway server I did not have any issues.

I was using Citrix Gateway version 3.0.0.

Hope this post has been helpful.

What's this new In-Place buzzword?

Some of my customers have been asking me lately about some of the new In-Place features of Exchange 2013.  In-Place is a new buzzword which has been adopted by the Exchange product team when naming some of the features of Exchange 2013.

For example we have:

In-Place Archive (formerly Personal Archive in Exchange 2010)
In-Place Hold (formerly Legal Hold in Exchange 2010)
In-Place Discovery (formerly Multi-Mailbox Search in Exchange 2010)

While these features were in Exchange 2010, they have been improved and revamped in Exchange 2013 with new interfaces and closer interaction with other products such as SharePoint 2013 and Lync 2013.

For more information on In-Place Archive please visit:

http://technet.microsoft.com/en-us/library/dd979800.aspx

For more information on In-Place Hold please visit:

http://technet.microsoft.com/en-us/library/ff637980.aspx

For more information on In-Place Discovery please visit:

http://technet.microsoft.com/en-us/library/dd298021.aspx

Tuesday, January 8, 2013

A quick look at Exchange 2013 Managed Availability

Microsoft Exchange 2013 has a new monitoring and alerting engine built into the product called Managed Availability.  Managed Availability detects, alerts on and recovers from problems as they occur within the product.

In previous versions of Exchange such as 2007/2010, Microsoft recommended administrators use System Center Operations Manager (SCOM) to monitor an Exchange environment.  In Exchange 2013, the product now has its own monitoring engine which companies can leverage to provide insight into their email infrastructure.

Note: SCOM integration with Exchange 2013 will still be supported.

The Managed Availability platform was designed to provide a monitoring solution for everything from a single server deployment of Exchange through to the largest deployments of Exchange in the world.  Microsoft leveraged its experience with Office 365 and Exchange Online over the past 6 years to determine which alerts from the SCOM management pack are useful and which are not.  Of the 1100 alerts in the management pack, 150 were seen as useful.

For common recurring issues which Microsoft experienced in the Office 365 environment, an automated recovery process was put in place to resolve issues automatically so that administrative intervention was not required. These automated recovery processes are not available in Exchange Server 2010.  In Exchange 2013, Microsoft has brought the recovery workflow engine, based on its learnings from Office 365, to the on-premises environment so companies can benefit from automatic recovery of Exchange related issues.  In my opinion this is a significant selling point for Microsoft Exchange 2013.

To ensure you have a firm understanding on the Exchange 2013 Managed Availability engine, I will run through the core components below.

Probes

Probes essentially probe the environment to identify potential problems.  They are similar to the test cmdlets in past releases of Exchange in the way they measure the perception of services by executing end-to-end user transactions against core services.

Monitors

Data collected by probes is fed into monitors.  Monitors look at the results of probes and come to a conclusion based on a number of additional checks programmed into each monitor.  The conclusion of a monitor is that the service is either healthy or unhealthy.

The correlation between probes and monitors is many to one: many probes can be fed into a single monitor.

Responders

Responders only execute in the event a monitor is marked unhealthy.  Depending on the monitor which entered an unhealthy state, there are several responders available to respond to it:
  • Restart Responder: terminates and restarts the service
  • Reset AppPool Responder: cycles the IIS application pool
  • Failover Responder: takes an Exchange 2013 Mailbox server out of service
  • Bugcheck Responder: initiates a bugcheck of the server
  • Offline Responder: takes a protocol on a machine out of service (in a load balanced, clustered environment the faulty service will therefore not disrupt services)
  • Escalate Responder: escalates an issue
  • Specialized Component Responders
For more information about Exchange 2013 Managed Availability please see the following blog post put together by Ross Smith IV, which can be found on the following website:

http://blogs.technet.com/b/exchange/archive/2012/09/21/lessons-from-the-datacenter-managed-availability.aspx

Tuesday, January 1, 2013

Schemus Mail Configuration hanging on Loading

I was configuring the Schemus Mail Configuration tool to synchronise recipient information from an Active Directory forest to Symantec Cloud but ran into an issue with the Synchronisation tool.

I entered the configuration for an Active Directory domain controller into the tool along with a username and password as follows:


When clicking next the wizard would get stuck on Loading and not progress any further.


After clicking cancel and closing the wizard, then selecting View --> Logs, I noticed multiple entries of "Cannot access the LDAP server. Malformed reply from SOCKS server".

 
Can't access the LDAP server. Malformed reply from SOCKS server
com.metanate.schemus.data.source.SourceException: Malformed reply from SOCKS server
 at com.metanate.schemus.data.source.LdapSource.setContext(Unknown Source)
 at com.metanate.schemus.data.source.LdapSource.ensureOpen(Unknown Source)
 at com.metanate.schemus.data.source.LdapSource.getSearchBases(Unknown Source)
 at com.metanate.schemus.config.gui.wizard.swing.source.SearchSettingsPanel$2.construct(Unknown Source)
 at com.metanate.schemus.config.gui.wizard.swing.SwingWorker$2.run(Unknown Source)
 at java.lang.Thread.run(Unknown Source)
Caused by: javax.naming.CommunicationException: 10.100.8.91:389 [Root exception is java.net.SocketException: Malformed reply from SOCKS server]
 at com.sun.jndi.ldap.Connection.<init>(Unknown Source)
 at com.sun.jndi.ldap.LdapClient.<init>(Unknown Source)
 at com.sun.jndi.ldap.LdapClient.getInstance(Unknown Source)
 at com.sun.jndi.ldap.LdapCtx.connect(Unknown Source)
 at com.sun.jndi.ldap.LdapCtx.<init>(Unknown Source)
 at com.sun.jndi.ldap.LdapCtxFactory.getUsingURL(Unknown Source)
 at com.sun.jndi.ldap.LdapCtxFactory.getUsingURLs(Unknown Source)
 at com.sun.jndi.ldap.LdapCtxFactory.getLdapCtxInstance(Unknown Source)
 at com.sun.jndi.ldap.LdapCtxFactory.getInitialContext(Unknown Source)
 at javax.naming.spi.NamingManager.getInitialContext(Unknown Source)
 at javax.naming.InitialContext.getDefaultInitCtx(Unknown Source)
 at javax.naming.InitialContext.init(Unknown Source)
 at javax.naming.ldap.InitialLdapContext.<init>(Unknown Source)
 ... 6 more
Caused by: java.net.SocketException: Malformed reply from SOCKS server
 at java.net.SocksSocketImpl.readSocksReply(Unknown Source)
 at java.net.SocksSocketImpl.connect(Unknown Source)
 at java.net.Socket.connect(Unknown Source)
 at java.net.Socket.connect(Unknown Source)
 at java.net.Socket.<init>(Unknown Source)
 at java.net.Socket.<init>(Unknown Source)
 at com.sun.jndi.ldap.Connection.createSocket(Unknown Source)
 
SOCKS is a proxy protocol.  After checking Internet Options it turned out that a proxy server was configured on the server.


Removing the proxy server from Internet Options resolved the problem.
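To show what the Java exception in the log above actually means, here is an added Python example (not from the original post or from Schemus) that models the SOCKS5 greeting a client sends when a proxy is configured and validates the reply it expects back. The peer classification is my own heuristic; the demo uses a fake endpoint that reads the greeting and closes the connection, which is how an endpoint that does not speak SOCKS produces the "Malformed reply" error.

```python
"""Why a Java client reports "Malformed reply from SOCKS server".

Added example, not from the original post or from Schemus.  Models the SOCKS5
greeting a client sends when a SOCKS proxy is configured (RFC 1928), validates
the two-byte reply, and classifies what a misconfigured "proxy" actually sent.
The demo reproduces the post's situation: the endpoint reads the greeting, does
not speak SOCKS, and closes the connection, so the client sees EOF.
"""
import socket

SOCKS_VERSION = 0x05
NO_AUTH = 0x00
NO_ACCEPTABLE_METHODS = 0xFF

class MalformedSocksReply(Exception):
    """Mirrors java.net.SocketException("Malformed reply from SOCKS server")."""

def build_greeting(methods=(NO_AUTH,)) -> bytes:
    """Client -> proxy: VER, NMETHODS, METHODS."""
    return bytes([SOCKS_VERSION, len(methods), *methods])

def parse_greeting_reply(reply: bytes) -> int:
    """Proxy -> client: VER, METHOD.  Returns the method the proxy selected.

    Java's SocksSocketImpl raises the 'Malformed reply' exception when the stream
    ends before the expected bytes arrive; a short reply is treated the same here.
    """
    if len(reply) < 2:
        raise MalformedSocksReply("Malformed reply from SOCKS server")
    ver, method = reply[0], reply[1]
    if ver != SOCKS_VERSION:
        raise MalformedSocksReply(f"expected SOCKS version 5, got 0x{ver:02x}")
    if method == NO_ACCEPTABLE_METHODS:
        raise MalformedSocksReply("proxy accepted none of the offered auth methods")
    return method

def classify_peer(reply: bytes) -> str:
    """Heuristic (mine, not Java's): what the configured 'proxy' really is."""
    if reply == b"":
        return "closed-connection"  # a non-SOCKS endpoint usually just hangs up
    if reply.startswith((b"HTTP/", b"<")):
        return "http-proxy"         # an HTTP status line or HTML error page
    if reply[0] == SOCKS_VERSION:
        return "socks5-proxy"
    if reply[0] == 0x30:
        return "ldap-server"        # BER SEQUENCE: the greeting reached the DC itself
    return "unknown"

def demo_against_closing_peer() -> str:
    """Fake proxy that reads the greeting and closes, as a non-SOCKS endpoint does."""
    client, peer = socket.socketpair()
    try:
        client.sendall(build_greeting())
        peer.recv(64)           # the fake proxy consumes the three greeting bytes ...
        peer.close()            # ... understands none of it, and hangs up
        reply = client.recv(2)  # EOF: b"" instead of the two-byte method selection
        try:
            parse_greeting_reply(reply)
        except MalformedSocksReply as exc:
            print(f"client error: {exc}")
        return classify_peer(reply)
    finally:
        client.close()

if __name__ == "__main__":
    print(demo_against_closing_peer())  # closed-connection
```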