Thursday, August 31, 2017

Outlook is unable to connect to the proxy server. (Error Code 0)

I'm currently in the process of performing another Exchange 2010 to Exchange 2016 migration for a customer.  When moving the first mailbox to Exchange 2016, the following error occurred:

There is a problem with the proxy server's security certificate.
The name on the security certificate is invalid or does not match the name of the target site

Outlook is unable to connect to the proxy server. (Error Code 0)

Most information on the internet regarding this error points at either a certificate issue as per or the Exchange System Attendant Service not running which no longer exists in later versions past Exchange 2010.
The Microsoft Remote Connectivity analyzer passed fine with no certificate areas and I validated that the certificate was correct:
  • The Root certificate is installed correctly on the server with the correct thumbprint.
  • The intermediate certificate is installed correctly on the server with the correct thumbprint.
  • Awildcard certificate is installed on the server with private key and the certificate chain is healthy.
  • The certificate is valid expiry date and has a valid subject name.
  • All names on the virtual directories for Exchange match a valid name trusted by the wildcard certificate.
After hours of troubleshooting I isolated the issue down to Group Policy and then finally down to this specific policy setting applied to the User Account:

"RPC/HTTP Connection Flags"

This is located under User Configuration --> Administrative Templates --> Microsoft Office 2013 --> Account Settings --> Exchange

Provided you have the Exchange 2013 ADMX installed in the Group Policy Central Store.

After setting this policy back to "Not Configured" and refreshing policy on the users, the error was resolved.

Tuesday, August 15, 2017

Slow Internet Surfing on Cisco 891fw

I was doing a new config for a Cisco 891fw but had extremely slow internet surfing speeds.

When doing a speed test however, speed was fine.

The issue was MTU.

To fix this, on my VLAN that I assigned to my clients I needed to run the following command to stop the packets fragmenting:

ip tcp adjust-mss 1200

Make sure you put this on the VLAN itself, not the Dialer Interface.

Monday, August 14, 2017

Removing Icons in Windows 10 1703 after Removing Bloatware with Remove-AppxPackage

We had an issue creating a Windows 10 image at another customer site after upgrading the Image to 1703.  The 1703 update introduced yet more bloatware.

After removing the additional bloatware from our image introduced in Windows 10 1703 with "Get-AppxPackage -AllUsers | Remove-AppxPackage", we had a number of apps which were still in the start menu for all users but could not be removed and were not functional.
  • Adobe Photoshop Express
  • Eclipse Manager
  • MSN News
  • And a few others...
In order to remove these apps from the start menu, we first needed to add all the bloatware back with the following command:
Get-AppXPackage -AllUsers | Foreach {Add-AppxPackage -DisableDevelopmentMode -Register "$($_.InstallLocation)\AppXManifest.xml"}
Once all modern apps were in an active state, we then removed the problematic applications which we could not remove... Adobe Photoshop Express, Eclipse Manager etc.  Once they were removed we then re-ran the "Get-AppxPackage -AllUsers | Remove-AppxPackage" cmdlet.
Now they were gone.  We created a new default profile, cleaned up the image and sysprepped it for deployment.
Hope this is helpful to someone else.

Thursday, August 10, 2017

What is the difference between Resume-MailboxDatabaseCopy and Update-MailboxDatabaseCopy?

Resume-MailboxDatabaseCopy and Update-MailboxDatabaseCopy - two separate commands which perform similar actions for similar purposes.  But what is the difference and when would you use one over the other?

When a mailbox database in a Database Availability Group environment enters a FailedAndSuspended state, you will be needing to run one of these commands!

The Resume-MailboxDatabaseCopy will attempt to replicate only uncopied transaction logs to bring the database back into a healthy state.  Minimal bandwidth utilization and effort required by the servers.

The Update-MailboxDatabaseCopy command on the other hand will perform a complete database reseed between the servers to bring the database back into a consistent state.

As a rule of thumb, you always want to try the Resume-MailboxDatabase cmdlet before you attempt a full reseed.

Be very careful when running the Update-MailboxDatabaseCopy cmdlet if your servers are in different datacenters connected by slow WAN links.  If this is the case and you need to run this command, you want to schedule it for a time which will least impact users.  Remember, Exchange DAG's do not support bandwidth throttling even in Exchange 2016 primarily because Microsoft thinks everyone should run DAG Replication on a separate dedicated isolated network.

Thursday, August 3, 2017

In-Place Hold vs Litigation Hold vs Outlook Protect Rules

In this post I am going to address what the difference between In-Place Hold vs Litigation Hold vs Outlook Protect Rules in Microsoft Exchange.

Litigation Hold

Litigation Hold was first introduce in Exchange 2010 and is configured per mailbox.  You set mailboxes on litigation hold on a per mailbox basis.  Exchange 2016 also allows you to specify a hold duration - "how long you want to hold items in a mailbox for".

To put a mailbox on Litigation Hold, simply use the following command:

Set-Mailbox -LitigationHoldEnabled $true

In-Place Hold

Unlike Litigation Hold which is on a mailbox level, In-Place Hold allows you to hold items across your organization based on a query such as keywords, senders and recipients, start and end dates, and also specify the message types such as email messages, calendar items, and Skype for Business conversations that you want to place on hold.

In other words its a query based search and puts individual items such as emails on hold instead of an entire mailbox.

In-Place Holds are created using the Compliance management > eDiscovery Center.  For more information on how to do this, refer to the following article.

Outlook Protection Rules

Unlike Litigation Hold and In-Place Hold, Outlook protection Rules help your organization protect against the risk of information leakage by automatically applying Information Rights Management (IRM) protection to messages.

Outlook Protect Rules are created on the Exchange Server with the New-OutlookProtectionRule cmdlet.  These rules are then automatically distributed to the correct Outlook clients via Exchange Web Services.

Before you create Outlook Protect Rules you must have an AD RMS server deployed in the same Active Directory forest as your server running Microsoft Exchange Server.

Hope this information was helpful!