Monday, August 31, 2009

Driver Signing Preventing Exchange 2003 from Installing

I was installing Exchange 2003 on Windows Server 2003 SP2, and for every DLL file it tried to copy it would pop up with:

The driver software you are installing has not been properly signed with Authenticode(TM) technology. Therefore, Windows cannot tell if the software has been modified since it was published. The publisher's identity cannot be verified because of a problem:
The parameter is incorrect.



Whenever I clicked Yes, it would pop up again for the next file, resulting in a very slow Exchange 2003 installation. With a bit of hunting around I found the registry key that stops Authenticode from warning on every file. It is located under:

HKLM\Software\Microsoft\Non-Driver Signing

Set Policy to 00


After making this change the Security Alert - Driver Signing message stopped popping up and the installation completed successfully.
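
One way to keep this change scoped to the setup run, as an added example that is not part of the original post: it records the existing Policy value, sets it to 00 as described above, and puts the original back once setup has finished. It assumes PowerShell 2.0, an elevated session, and that Policy is stored as a REG_BINARY value.

```powershell
# Added example, not from the original post.
# Assumptions: PowerShell 2.0 (for try/finally), an elevated session, and
# Policy stored as REG_BINARY, as the "00" in the post suggests.
$key = 'HKLM:\SOFTWARE\Microsoft\Non-Driver Signing'

# Record the current value so it can be put back byte for byte.
$original = (Get-ItemProperty -Path $key -Name Policy).Policy
if ($null -eq $original) { throw "No Policy value found under $key" }
$originalHex = ($original | ForEach-Object { '{0:X2}' -f $_ }) -join ' '
Write-Host "Current Policy: $originalHex"

[byte[]]$ignore = 0x00
try {
    # While this is in place, signing prompts are suppressed for every install
    # on the server, not only for Exchange setup.
    Set-ItemProperty -Path $key -Name Policy -Value $ignore
    Write-Host 'Policy set to 00.'
    Read-Host 'Run Exchange setup now, then press Enter when it has finished' |
        Out-Null
}
finally {
    # Restore the recorded value even if the session is interrupted.
    Set-ItemProperty -Path $key -Name Policy -Value $original
    $now = (Get-ItemProperty -Path $key -Name Policy).Policy
    $nowHex = ($now | ForEach-Object { '{0:X2}' -f $_ }) -join ' '
    Write-Host "Policy restored to: $nowHex"
}
```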

Exchange 2007 SP2

Microsoft has finally released Exchange 2007 SP2. This requires another schema update to install - so make sure your account is a member of the Schema Admins group and take a system state backup of your schema master before proceeding.

The Microsoft Exchange Team has already documented the core new features and changes of Exchange 2007 SP2 here. However, I'm just going to repeat a few of the core features from their site:

• Enhanced Auditing - New Exchange auditing events and audit log repository enable Exchange administrators to more easily audit the activities occurring on their Exchange servers. It allows the right balance of granularity, performance, and easy access to audited events via a dedicated audit log repository. This simplifies the auditing process and makes review of audited events easier by segregating audited events in a dedicated location.

• Exchange Volume Snapshot Backup Functionality - A new backup plug-in has been added to the product that will enable customers to create Exchange backups when a backup is invoked through the Windows Server 2008 Backup tool. Exchange Server 2007 didn't have this capability on Windows Server 2008 and additional solutions were required to perform this task.

• Dynamic Active Directory Schema Update and Validation - The dynamic AD schema update and validation feature allows for future schema updates to be dynamically deployed as well as proactively preventing conflicts whenever a new property is added to the AD schema. Once this capability is deployed it will enable easier management of future schema updates and will prevent support issues when adding properties that don't exist in the AD schema.

• Public Folder Quota Management - SP2 enables a consistent way to manage quotas by improving the current PowerShell cmdlets to perform quota management tasks.

• Centralized Organizational Settings - SP2 introduces new PowerShell options that enable centralized management of many of the Exchange organization settings.

• Named Properties cmdlets - SP2 enables Exchange administrators to monitor their named property usage per database.

• New User Interface for Managing Diagnostic Logging - SP2 enables Exchange administrators to easily configure and manage diagnostic logging from within the Exchange Management Console.

I have implemented it and have found no bugs to this point. The new PowerShell cmdlets are fantastic.

Thursday, August 27, 2009

System State Backup in Server 2008

In Server 2008 there is no more NTBackup, so system state backups now need to be done using the 2008 backup utility. First you need to ensure that the backup features, including the command-line ones, are installed under Features in Server Manager.



You are then able to use the wbadmin command to back up the system state of a server by using:

wbadmin start systemstatebackup -backuptarget:e:

Please note that Server 2008 by default does not allow you to back up to a network share or the critical volume (which is the volume that the system is installed on, usually c:). If you do, you will get this error:

ERROR - The location for backup is a critical volume.



If you only have one drive letter c: on a server and you need to back up to it, you can get around it by following Microsoft Knowledge Base 944530.

Prerequisites to perform system state backups to critical volumes:

- Make sure that the target volume has no shadow copy before the backup starts.
- If a system state backup is stored on a source volume, backup settings should be configured for full backups. By default, settings are configured for full backups.
- Periodically check that no other user or program maintains a shadow copy on the target volume.
- Do not keep volume level backups and system state backups in the same location.
- The volume used to store the system state backup needs twice the amount of free space as the size of the system state backup until the backup completes.

To enable the system state backup files to be targeted to critical volumes, you must set the value of the AllowSSBToAnyVolume registry entry under the following registry subkey:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wbengine\SystemStateBackup\

Set the value of this entry as follows:
Name: AllowSSBToAnyVolume
Data type: DWORD
Value data: 1

Create the key called SystemStateBackup:


Create the DWORD called AllowSSBToAnyVolume:


Give the DWORD AllowSSBToAnyVolume a value of 1:


wbadmin will then go ahead and perform the task.
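
The whole procedure as one script, as an added example that is not from the original post or the Knowledge Base article: it checks the shadow copy and free space prerequisites listed above before creating the registry entry and starting the backup. The target volume and the estimated backup size are assumptions to adjust for the server in question.

```powershell
# Added example, not from the original post or KB 944530.
# Assumptions: elevated PowerShell session; $target and $estimatedBytes are
# placeholders to adjust for the server in question.
$target         = 'C:'
$estimatedBytes = 10GB    # assumed size of the system state backup

# Prerequisite: no shadow copy may exist on the target volume.
$volume = Get-WmiObject Win32_Volume -Filter "DriveLetter='$target'"
if (-not $volume) { throw "Volume $target not found" }
$shadows = @(Get-WmiObject Win32_ShadowCopy |
    Where-Object { $_.VolumeName -eq $volume.DeviceID })
if ($shadows.Count -gt 0) {
    throw "$($shadows.Count) shadow copies exist on $target; remove them first"
}

# Prerequisite: twice the backup size must be free until the backup completes.
if ($volume.FreeSpace -lt (2 * $estimatedBytes)) {
    throw "Not enough free space on $target for a backup of $estimatedBytes bytes"
}

# Create the SystemStateBackup key and the AllowSSBToAnyVolume DWORD (value 1).
$key = 'HKLM:\SYSTEM\CurrentControlSet\Services\wbengine\SystemStateBackup'
if (-not (Test-Path $key)) { New-Item -Path $key | Out-Null }
New-ItemProperty -Path $key -Name AllowSSBToAnyVolume -PropertyType DWord `
    -Value 1 -Force | Out-Null

# Run the backup, then list the stored versions to confirm it was written.
$targetArg = "-backupTarget:$target"
wbadmin start systemstatebackup $targetArg -quiet
if ($LASTEXITCODE -ne 0) { throw "wbadmin exited with code $LASTEXITCODE" }
wbadmin get versions
```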

Monday, August 17, 2009

Fix Spellcheck Office 2010 Technical Preview

In the technical preview Microsoft released to the public, the spell check does not work. To fix this, delete the Override key located under:

HKEY_CURRENT_USER\Software\Microsoft\Shared Tools\Proofing Tools\1.0\Override



Close all Office applications, then reopen one such as Word. Navigate to Options:



In Options click Proofing, then click Recheck Document.



From here on out, provided you have "Check spelling while you type" selected, it will automatically underline spelling mistakes in red.

Sunday, August 16, 2009

Find What Active Sync Devices Users are Using

I had a client that wanted to know how many of a particular type of Windows Mobile device they had in their environment. Below are the ways to gather this information using both Exchange 2003 SP2 and Exchange 2007.

For Exchange 2003 SP2 you need to go to https://servername/MobileAdmin. For more information visit this website:

http://msexchangeteam.com/archive/2005/07/07/407416.aspx

Please note that MobileAdmin needs to be downloaded; get it from here:
http://www.microsoft.com/DOWNLOADS/details.aspx?FamilyID=e6851d23-d145-4dbf-a2cc-e0b4c6301453&displaylang=en

Make sure you download MobileAdmin (Ex2003).exe not MobileAdmin.exe.

For Exchange 2007 use the following command:

Get-Mailbox -ResultSize:Unlimited | ForEach {Get-ActiveSyncDeviceStatistics -Mailbox:$_.Identity} | ft -AutoSize DeviceType,DeviceUserAgent,identity



Note that MobileAdmin can also be used for Ex2007; however, it's not required as you have PowerShell. For Exchange 2007 also get it from:

http://www.microsoft.com/DOWNLOADS/details.aspx?FamilyID=e6851d23-d145-4dbf-a2cc-e0b4c6301453&displaylang=en

Tuesday, August 11, 2009

Scripting - Find out how many users in a domain

I required a simple script to find out how many users are in an AD domain. Before creating one myself I looked and found one that's really easy and basic to use from windowsitpro.

http://windowsitpro.com/article/articleid/79302/jsi-tip-7262-how-many-users-exist-in-your-domain.html

Here is the batch script:

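@echo off
setlocal
rem Running total of user accounts found
set /a numb=0
rem Drop the dashed separator and the completion message from the net user output and skip its header lines
for /f "Skip=4 Tokens=*" %%i in ('net user /domain^|findstr /v /c:"----"^|findstr /v /i /c:"The command completed"') do (
set line=%%i
call :parse
)
@echo Number of users=%numb%
endlocal
goto :EOF
rem net user prints up to three account names per line in 25-character columns
:parse
rem The first column always holds a name on a line that reaches here
set name=%line:~0,25%
set /a numb=%numb% + 1
rem Count the second and third columns only when they hold a name
set name=%line:~25,25%
if not "%name%" EQU "" set /a numb=%numb% + 1
set name=%line:~50,25%
if not "%name%" EQU "" set /a numb=%numb% + 1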

Just save it in a file with a bat extension and run it.

Monday, August 10, 2009

Windows Vista Sound Problem Gotcha!

This is fairly basic compared to the stuff I usually post about, however this had me stumped for over an hour - this is really a stupid stupid stupid problem that would cause many end users a lot of grief, including me, and I'm an IT Professional! Simple problem: "Dell Studio 15 notebook lost sound". Under the sound options in Control Panel, Speakers and Headphones is missing:



Under Device Manager none of the sound devices are disabled. Usually disabled devices have a little down arrow icon on the device - this is the way it has always been until Vista apparently!



Believe it or not, if you disable a sound device under sound options in Control Panel it does not display as disabled in Device Manager. Additionally, it does not display at all under the sound options window in Control Panel by default either, as demonstrated in the above screenshot. So how do you get it back? You have to know to right click - does this look like a typical right click Microsoft interface? No!



You are then able to re-enable the device.



The main reason why I'm so annoyed, however, is that this problem is not included in any of the Windows help documentation or user troubleshooting guides for sound related problems that come with Windows. The fact they made hidden sound devices so hard to find for someone not knowing what they are doing and the fact that this is not a step in the sound troubleshooting guide is not cool, Microsoft.

Another reason why I'm so angry is that Microsoft made an automated tool for resolving configuration issues with sound problems for Windows Vista called the Microsoft Automated Troubleshooting Services 1.0. To use it click the following link (note the page will only display correctly if you're using Internet Explorer and Windows Vista, NOT XP).
http://support.microsoft.com/gp/no_sound
However, this tool failed to resolve the problem. Don't you think checking that all sound devices are enabled would be one of the basic checks a troubleshooting tool would do?

Sunday, August 9, 2009

Exchange 2010 Database Mobility

In today's post I'm going to write about Exchange 2010 Database Mobility and the changes that have been made to the mailbox server role.

If you have been following Exchange, you will remember that with the coming of Exchange 2007 Administrative Groups are GONE and the administrative delegation structure has been vastly changed as a result of this. One thing still remained: the existence of Storage Groups, which in my opinion was stupid for the following reason. Exchange 2007 Standard lets you have 5 storage groups and 5 mailbox databases per server. Exchange 2007 Enterprise lets you have 50 storage groups and 50 mailbox databases per server. Microsoft's best practice was to always place each mailbox database in its own storage group, as transaction logs are set up on a storage group basis and when doing a restore you want the logs to be associated with just that one database you're restoring (not all databases). So what's the point of keeping storage groups? Now in Exchange 2010 Microsoft has finally completely got rid of storage groups.

Another big change is that mailbox databases are now seen as an organisational object and no longer a server object. This means mailbox database settings can be found under organisational configuration and no longer under server configuration in the Exchange Management Console. The reason behind this lies with Microsoft's new high availability for mailbox databases in Exchange 2010 with the use of DAGs (Database Availability Groups). Also on this note, because mailbox databases are at an organisational level now, database names must be unique. You can no longer have multiple servers with the same mailbox database called "Mailbox Database" or something generic. This is something I wanted for a while, because when you're in a large organisation and you use Get-MailboxDatabase it's very annoying when every mailbox database that is returned is called the same thing!

What are Database Availability Groups?

Database Availability Groups are groups of database servers. A DAG is essentially a boundary for mailbox database replication. You can have up to 16 servers per DAG, but you can create multiple DAGs in your Exchange organisation. What DAGs let you do is have a mailbox database on multiple servers. I made a diagram below to help explain this. Below is a DAG called My Mailbox Servers.



With DAGs a mailbox database can only be active on one server at a time - the way it's always been with Exchange High Availability. The rest of the database copies are marked as healthy (hopefully). Inside a DAG you can distribute a mailbox database out to whichever servers you want. A DAG is not constrained to a physical site; it can replicate databases over site links for offsite redundancy. Depending on business needs you choose which database will reside on what servers. Only one copy of a database will be active at a given time, however having multiple copies of the database is fantastic. A database is able to reside on all servers if you wish (maybe the executives' database) - or if you want, all databases can reside on all servers. One thing to keep in mind is that the more servers a database resides on, the more replication traffic will occur and the more storage you will require. In the above diagram I have DB6 available on all three mailbox database servers.

Failover time is about as fast as CCR (Continuous Cluster Replication) was in Exchange 2007 (approximately 30 seconds) - but still very fast. Users logged into Outlook Web Access will not even notice a failover occurred, as they maintain their connection to the client access server while the client access server in the backend changes which mailbox server it's communicating with for that given mailbox user. For Outlook clients a simple bounce of the Outlook client will bring them back up and running. No mail is lost during failovers and failovers can occur during business hours with no impact on business productivity.

Another fantastic thing about DAGs is that you can incrementally add servers. Before, in Exchange 2003/2007, high availability mailbox clusters had to be set up using the Cluster Administrator MMC, and all the cluster resources such as the hostname, IP address etc. had to be created beforehand. Once the cluster was set up, you would then install Exchange in cluster mode for the mailbox role. When a mailbox server was in place, you could not simply convert it into a cluster setup. This is because a clustered mailbox server was a special setup! With Exchange 2010 DAGs you can simply add a standalone mailbox server into a DAG, then specify which mailbox databases are going to be replicated to which servers, giving administrators huge amounts of flexibility.

Exchange 2007 CCR used SMB (Simple Message Block) to replicate transaction logs between mailbox servers. With Exchange 2010 DAGs SMB is no longer used. Exchange 2010 uses its own TCP/IP socket to replicate logs between servers inside a DAG. Administrators can set which port is going to be used for log replication between servers using PowerShell, along with things like data encryption for replication traffic.

With Exchange 2007, as soon as a mailbox server became a high availability mailbox server in either an SCC or CCR cluster, you could no longer have any other roles on it, i.e. you could not have a clustered mailbox server that was also running a hub transport role. With DAGs you can now have mailbox servers that are also hub transport or client access etc. A great thing about this is you can set up a simple whitebox with RAID5 for a branch office so users can access their mailbox over high-speed LAN. Whack all the Exchange roles on the single box, configure the Exchange server to be part of your DAG and replicate the branch office's mailbox databases back to your corporate headquarters and back them up there - meaning no backup is required onsite. You could even make this single whitebox server a DC if you wish, with DFS-R on important file shares. If this whitebox was to fail then failover would occur and users would continue working, just accessing their mailbox across the WAN link instead of high-speed local access (which in most cases is perfectly fine).

The great thing about DAGs is that failover is completely automatic. If one database server completely dies - provided all mailbox databases on that server exist on at least one other server - you won't even need to get out of your chair. Automatic failover will occur and users will continue working as normal.

What do DAGs Require?

Database Availability Groups still require Windows Cluster Services. You need to ensure that the "Windows Failover Clustering" feature in the Features pane under Server 2008 Server Manager is installed. When you create a new DAG and add the first server to the DAG, the following is automatically set up:
- A failover cluster is automatically created in the background with a majority node quorum using the name you specified for the DAG as the cluster name.
- The mailbox server gets added to the DAG object in the Active Directory Database.
- A clustered network computer account is automatically created in the computers built-in container in Active Directory.
- An IP Address is assigned to the DAG using DHCP (but you can manually specify this after to be a static address or use a DHCP reservation).
- The name and IP address of the cluster gets registered in DNS.
- The cluster information for the DAG, i.e. the quorum, is updated with the currently mounted databases on the mailbox servers.

For each additional server that gets added to the DAG from here the following things occur:
- The server is added to the DAG object in Active Directory
- The cluster database is updated with mounted mailbox databases on the mailbox server.
- The quorum model is automatically adjusted.

All this clustering stuff is done for you automatically; creating a DAG is simply a process of giving it a name and clicking create. You then add which servers are going to be members of the DAG. In previous versions of Exchange you had to configure all this manually in Cluster Administrator. I can see this leading to Exchange clustering being used widely by many organisations but administrators not having the fundamental knowledge of how a Windows cluster works! All may be fine, but when problems arise, without this knowledge it could lead to large amounts of downtime.

As I mentioned above, the ability to incrementally add servers to a DAG without having to rebuild the cluster each time you want to make changes is fantastic, but what is also really good is that Exchange 2010 automatically updates the quorum model. If you have an odd number of nodes in the DAG at a given time it will set it to a majority quorum model. However, if you then go and add another node and have an even number, a file witness share will be required. All you need to do is provide it with a share name and Exchange 2010 automatically changes the cluster configuration between file share quorums and majority quorums for you.
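
The odd/even rule above worked through for every DAG size, as an added example that is not part of the original post: it shows which quorum model applies and how many votes can be lost before the cluster loses quorum. Get-DagQuorumModel is a hypothetical helper that only does the arithmetic and does not query Exchange or the cluster.

```powershell
# Added example, not from the original post. Get-DagQuorumModel is a
# hypothetical helper; it only does arithmetic and does not touch Exchange.
function Get-DagQuorumModel {
    param([int]$Members)
    if ($Members -lt 1 -or $Members -gt 16) {
        throw 'A DAG holds between 1 and 16 mailbox servers.'
    }
    # Even member count: the file share witness supplies the tie-breaking vote.
    $witness = ($Members % 2) -eq 0
    $votes   = $Members + [int]$witness
    # Quorum needs a strict majority of all votes.
    $needed  = [int][math]::Floor($votes / 2) + 1
    $model   = 'Node Majority'
    if ($witness) { $model = 'Node and File Share Majority' }
    New-Object PSObject -Property @{
        Members        = $Members
        QuorumModel    = $model
        TotalVotes     = $votes
        VotesNeeded    = $needed
        VotesCanBeLost = $votes - $needed
    } | Select-Object Members, QuorumModel, TotalVotes, VotesNeeded, VotesCanBeLost
}

# One row per possible DAG size, from a single server up to the 16-server limit.
1..16 | ForEach-Object { Get-DagQuorumModel $_ } | Format-Table -AutoSize
```

In the even-sized rows the witness share counts as one of the votes that can be lost, so losing it together with half the members still costs the DAG its quorum.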