Monthly Archives: March 2014

Interesting things that I see on the internet 31/03/2013

TL;DR, sorry. It’s been a while since the last one, you can blame a couple of my customers for this. I guarantee that this mail is however all killer, no filler, or whatever it is that the cool kids are saying these days. I’ve read every single article, and will be going back to some of them (particularly the xperf and memory troubleshooting stuff) with my notebook and pen, and working through them carefully. Log files are ACE.


Exchange Design:

The advice for loadbalancing Exchange 2013 has been reviewed and updated.

An interesting and quite deep post on Data Loss Prevention in Exchange 2013: View article… there’s a long and in-depth video covering similar ground here.

Ross Smith has a multi parter on name space planning and load balancing – related topics that can easily catch us out – Part 1 on namespaces,  part 2 on loadbalancing, part 3 on client connectivity and part four on certificate planning. It’s like an MCM in bite size pieces. I’d encourage you to read these until you are quoting great chunks in your sleep.

We can guess how much bandwidth our users need when planning a migration, or we can accurately measure it. the latter is so much nicer, don’t you think? So why not use the new log file statistics script  on the EHLO blog? View article…

An excellent and comprehensive checklist of steps required to migrate from Exchange 2007 to Exchange 2010, along with links to the relevant articles. Many of these steps are the same as might be required for a move to Exchange 2013: View article…

Tom Shinder has an interesting post on the Microsoft view of “Solutions”: View article…

A series of articles on the “new” edge server role in Exchange 2013 – start here: View article…

Scott Schnoll has written a thorough explanation of what windows server2012 R2 means for DAGs in Exchange 2013: View article…

There are new versions of quest Notes Migrator for Exchange and migrator for GroupWise. Have fun…




Exchange Troubleshooting:

Andrew Higginbotham’s bad day – always check the simple stuff first: View article…

Many times I’ve asked people to send me a screenshot  or a dir/p dump of their log file directory, so I can see how quickly they are generating log files. Now there’s an exciting tool that will do it for me. Better still, it will do it for YOU! View article… (yes, it’s the same tool as before – it’s both a troubleshooting and design tool!)

There is an update to the office configuration analyser tool – version 1.2 has been released. It’s getting more and more like the BPA every… um.. .year. This is a great tool that will highlight configuration errors in your outlook setup and look for common problems. it can be run from the command line, and it can even manage group policies; View article…

Is that mailbox move going really slowly? Want to find out why? Or do you just need to measure how quickly things happen so you can estimate how long a migration is going to take? Try the analyzemoverequeststats.ps1 script. Don’t be put off by the fact it refers constantly to office 365 – it will work with a migration to anything running exchange 2013 – office 365 and on-prem. View article…

Apple have released iOS 7.1 – I expect we can start seeing this on our systems soon: View article…

Anyone installing Exchange 2013 SP1 may be aware of the bug that breaks some third party addons – well the fix is here (but for some reason no-one is talking about it much) View article…

A link to Steve Goodman’s Exchange environmentals powershell script, and a plea for wider knowledge sharing: View article…

There is a handle leak in MAPI/CDO version and earlier, and a new version of MAPI/CDO fixes it; View article…

The “Current issues with Microsoft Exchange ActiveSync and third-party devices” page has been updated with some new stuff: View article…

Common reasons for calendar information to go missing or be wrong. It’s an oldie, but a goodie, and lists a bunch of best practice to avoid problems… View article…

Cracking article on how to turn folder permissions into a pretty picture using powershell: View article…

We’ve spoken  before about content indexes and search, but here’s another short sweet article that illustrates how easy it is to fix these issues; View article…

A useful article explaining the recent changes to the Exchange 2013 BPA; View article…


Exchange General:

Tim McMichael has a detailed plan here for migrating users to a new DAG on new hardware by physically shifting the databases – interesting. Read carefully, and, if you decide to do it at any point, I’d suggest following it exactly – if you can think of a shortcut, Tim will have already thought of it and have a good reason not to follow it. View article…

Nathan Winters has a useful post bringing together a bunch of resources on the discovery features in Exchange, Lync and Sharepoint. That’s “search” to those of us who prefer short words. View article…

How to search for deleted items in a mailbox. With step by step instructions and full colour pics; View article…

Keith Mayer has a post on the wonderful new capabilities of OneDrive (previously SkyDrive) to act as a powershell script editor, here: View article… shame it’s still blocked by ITG.

There’s a long blog post about recent enhancements to Exchange Online Protection. Will this stop the moaning? Time will tell… if you can’t be bothered to read the article, just watch the video.

The latest version of the Managed API for Exchange Web Services has been released, if you’re developing custom interfaces.

Here’s a long and detailed video on the new features in Exchange 2013 SP1 from the ignite website.

A great article on how OAB distribution works in Exchange 2013, a companion to the previous article on Exchange 2010 and 2007; View article…

If you have five minutes, why not read Rhoderick Milne’s RBAC primer? Or his “exchange 2010 tip of the day”? or his Exchange 2013 tip of the day series? He also has some handy tips on filtering powershell cmdlets.


Core General:

Top support issues for IIS – read this and learn about the most common problems: View article…

New event log entries that track NTLM authentication delays and failures in Windows Server 2008 R2 are available View article…

Are you having trouble with your ISP? Here’s a lovely article on how to use message analyser to troubleshoot your own “slow internet” problems, rather than constantly be told to try turning it off and then on again: View article…

If you want a good view of MS cloud, with plenty of links to articles on hyper-v, Microsoft cloud, azure and so on, then I’d encourage you to have a look at Keith Mayer’s blog; View article… one day I’ll have time to follow the multipart “building your hybrid cloud” series…

Ash McGlone has a pair of posts on cleaning up unnecessary AD groups with Powershell, here and here. You could just download the scripts, but I’d encourage you to read the posts and understand how they work. It’s also interesting fuel to a debate I’m having with a colleague at the moment around “do TSS’s need to be able to do maths?” I say yes, btw.

Here’s an interesting explanation of IPv6 and Windows 2012 R2 failover clustering.

There’s a really useful post on the Ask PFE blog about Microsoft training options, with lots of detail on MVA, channel 9 and so on; View article…

Thinking about certification? Why not have a look at the certification challenge  that Microsoft are currently running? I’m currently mulling over whether or not to have a think about maybe considering taking a gander at the possibility of contemplating MCSD… but I’m not sure.

An interesting article on failover clustering and active directory integration, including how it changes with each widows version; View article…

There’s two more articles released in the Xperf Xpert series; one on long service load times, and one on how slow network affects boot times.

This is an excellent article on how to troubleshoot memory pool leaks, with a walk through of a real-life problem. Genuinely, this is great.


Office 365:

“Geek out with Perry” returns with a video on secure service in Exchange online. This is Perry Clarke, giant throbbing brain. Not one to miss: View article…

Exchange online migration guided walkthrough, written by Tim Heeney, Microsoft’s premier Michael Richards impersonator: View article…

Setting up a hierarchical address book in office 365: View article…

How to set up message encryption with Office 365, here, and for those who can’t be bothered to watch the video, here’s some words. This also works in Exchange 2013 sp1.

Here’s some videos on how to set up and troubleshoot multifactor authN in office 365.

Here’s another two articles in the Ask PFE series on building an ADFS lab; ADFS proxy and Upgrading to server 2012 R2.

Microsoft have released documentation on configuring Hybrid eDiscovery using OAuth



Here’s an interesting pair of articles on persistent chat and high availability in Lync 2013. Part 1 and part 2.


Still no word of the sessions from LyncConf 2014 appearing on Channel 9. The Sharepoint conference sessions are available now, though:

Free e-books!



The nice people at Packt are running a “BOGOF” offer this month, but hurry, it finishes next Wednesday. I’d thoroughly recommend Michael Van Horenbeeck’s “Exchange 2013 cookbook” if you’re looking for a handy “how do i…?” reference for Exchange.

Your cluster log is TINY, and the source of much amusement.

I quite often get calls logged asking for help understanding why the active copy of a DAG database moves from one server to another. There can be a number of reasons for this, not all of them particularly well recorded in the event logs – a favourite is the DAG networks not being collapsed when they span sites, and therefore different subnets, but that’s not what I wanted to write about.

Quite often, the best way to understand what happened is to go through the failover cluster log – if you’ve not looked at this log before, I urge you to try it, particularly if you suffer from insomnia. In Windows 2008 r2 you can have a look at it by running get-clusterlog –destination <location> in powershell.

A normal cluster log would look something like this:

000016c0.0000162c::2014/03/12-12:15:15.892 INFO  [GUM] Node 2: Processing RequestLock 4:689542
000016c0.00003dcc::2014/03/12-12:15:15.892 INFO  [GUM] Node 2: Processing GrantLock to 4 (sent by 1 gumid: 6354235)
000016c0.000015b4::2014/03/12-12:15:23.192 INFO  [GUM] Node 2: Processing RequestLock 2:144215
000016c0.0000162c::2014/03/12-12:15:23.192 INFO  [GUM] Node 2: Processing GrantLock to 2 (sent by 4 gumid: 6354236)

With a couple of events every few seconds. At this rate of generation, the default log size of 100MB is usually enough for about 24 hours worth of events. However, say you have a problem (like DAG networks not being collapsed correctly, as below*)? Then your log may look more like this:

000018bc.00001998::2014/02/13-11:53:54.854 DBG   [NETFTAPI] Signaled NetftRemoteUnreachable  event, local address remote address
000018bc.0000199c::2014/02/13-11:53:54.854 INFO  [IM] got event: Remote endpoint unreachable from
000018bc.0000199c::2014/02/13-11:53:54.854 INFO  [IM] Marking Route from to as down
000018bc.0000199c::2014/02/13-11:53:54.854 INFO  [NDP] Checking to see if all routes for route (virtual) local fe80::b8ac:d730:1392:4e4d:~0~ to remote fe80::698d:34a4:a5c9:2e77:~0~ are down
000018bc.0000199c::2014/02/13-11:53:54.854 INFO  [NDP] Route local to remote is up
000018bc.0000199c::2014/02/13-11:53:54.854 INFO  [IM] Adding information for route Route from local to remote, status: true, attributes: 0
000018bc.0000199c::2014/02/13-11:53:54.854 INFO  [IM] Adding information for route Route from local to remote, status: false, attributes: 0
000018bc.0000199c::2014/02/13-11:53:54.854 INFO  [IM] Sending connectivity report to leader (node 2): <class mscs::InterfaceReport>
000018bc.0000199c::2014/02/13-11:53:54.854 INFO    <fromInterface>d8430531-25e6-4749-8b1d-2bf5f06da430</fromInterface>
000018bc.0000199c::2014/02/13-11:53:54.854 INFO    <upInterfaces><vector len='2'>
000018bc.0000199c::2014/02/13-11:53:54.854 INFO      <item>d8430531-25e6-4749-8b1d-2bf5f06da430</item>
000018bc.0000199c::2014/02/13-11:53:54.854 INFO      <item>62a2fefa-9b12-436d-a270-fec45ee86d23</item>
000018bc.0000199c::2014/02/13-11:53:54.854 INFO  </vector>
000018bc.0000199c::2014/02/13-11:53:54.854 INFO  </upInterfaces>
000018bc.0000199c::2014/02/13-11:53:54.854 INFO    <downInterfaces><vector len='1'>
000018bc.0000199c::2014/02/13-11:53:54.854 INFO      <item>c16aa803-1446-41d0-8b1f-338a6093ec37</item>
000018bc.0000199c::2014/02/13-11:53:54.854 INFO  </vector>
000018bc.0000199c::2014/02/13-11:53:54.854 INFO  </downInterfaces>

As you can see, the rate of entry generation has increased dramatically. In this particular example the default log size of 100mb covers approximately fifteen MINUTES. It would be a good idea, then, to increase the cluster log size from the default of 100MB to a larger number. 400MB is quoted in some of the literature, although not particularly strongly. The best article on this suggests 72 hours of log data should be kept, however in my experience the maximum log size of 1gb can sometimes only hold 12 hours of data. This is the best article, by the way. It also contains instructions for setting the cluster log size in Windows 2008. For 2008 r2, use set-clusterlog –size 1024

But nick, I can’t run get-clusterlog?

You need to import the failover clustering module

Start powershell as an administrator

Run import-module failoverclusters

And bob’s your uncle.

Oh, an how do I know that DAG networks aren’t collapsed? Well, first of all I can see there is a problem replicating across the nominated repl network:

000018bc.0000199c::2014/02/13-11:53:54.854 INFO  [IM] got event: Remote endpoint unreachable from
000018bc.0000199c::2014/02/13-11:53:54.854 INFO  [IM] Marking Route from to as down

The cluster then checks that all possible paths are down:

000018bc.0000199c::2014/02/13-11:53:54.854 INFO  [NDP] Checking to see if all routes for route (virtual) local fe80::b8ac:d730:1392:4e4d:~0~ to remote fe80::698d:34a4:a5c9:2e77:~0~ are down

It is thrilled to see it can get there along another network:

000018bc.0000199c::2014/02/13-11:53:54.854 INFO  [NDP] Route local to remote is up

If we run get-databaseavailabilitygroupnetwork then we can see there are 6 networks  for this DAG, which is four too many. The six networks are two MAPI networks (one for each subnet, one subnet per physical AD site), which need collapsing, two replication networks which also need collapsing and two backup networks which need to be excluded from the DAG altogether. For more on sorting your DAG networks out, please see this article from Tim McMichael.