Interesting things that I see on the internet, May 2014.

So, a lot has happened since my last post. Exchange 2003 has ceased to exist, utterly. If you think you have 2003 installed, you’re wrong. There is no such thing, so don’t ring me up about it. Outlook 2003 has suffered the same fate.


Exchange 2010 SP2 has likewise stopped existing. If you’re not on SP3 then all I can see is a grey blur where your server is supposed to be. Outlook 2010 SP1 will suffer a similar fate in October – are you ready?



Exchange Design:

Many of you have been asking “what’s the replacement for TMG?” – I’ve already told you it’s WAP (in fact, I think I might have said IRR, and one of Mark Wilson’s team corrected me… :D). So, how do you use WAP? I was going to write a cheat sheet on it when my Eternus arrived and I built my new lab (current ETA – 12th of never). Luckily the AskPFE blog has written it for me. Secure Extranet Publication of Exchange 2010 OWA via Server 2012 R2 Web Application Proxy. So there you go.


Rhoderick Milne has done a deep zoom of the Exchange 2013 SP1 architecture poster, so you can look at it on your phone. If you cache it, you can look at it while you’re on the tube. So much nicer than reading the adverts.


Ross Smith IV has written an article introducing the preferred architecture for Exchange 2013. This is a bit of a departure for the product group; in the past they’ve left us to figure out what they meant. It’s pretty close to the Office 365 architecture, apparently, so don’t expect it to change much over time (unlike the recommendations for Exchange 2010).


Jeff Mealiffe has published a short update to Exchange 2013 sizing requirements for SP1. There’s also an updated edition of the Exchange Deployment Assistant out.


Tony Redmond discusses recent changes in best practice that were talked about at MEC 2014.


Paul Robichaux has a couple of nice posts, one on the increasing usefulness of lagged copies in Exchange 2013, and one around multifactor authentication for Outlook.



Exchange Troubleshooting:

There has been a recent update to the “current issues with ActiveSync” KB article. It’s worth making a habit of checking this article – device software updates pretty rapidly, and this is the first place confirmed problems get listed.


The “troubleshooting longrunning MAPI connections through load balancers” article has also had a recent update, although it still seems not to include Scott Schnoll’s suggested best practice from 2012. If you can’t be bothered digging through an hour-long, two-year-old presentation, Jeff Guillet has helpfully abstracted and interpreted it here. It says “set it to 120 minutes”. Scott says “set it to 120 seconds”. For absolute clarity – the value that we’re talking about is “HKLM\Software\Policies\Microsoft\Windows NT\RPC\MinimumConnectionTimeout”. Yes, I know in the past I have told people not to fiddle with this setting. The advice was correct at the time ;-). In the meantime, I’d follow Scott’s advice. He’s rarely wrong.


For those of you running three-node DAGs on Windows 2008 R2, here is a reminder about an important hotfix for a known error in cluster comms that can cause perfectly good nodes to lose quorum when there is a comms issue. If you haven’t got this installed you might want to ask yourselves “why?”. Waiting until you’ve got a cluster down is probably a bad time to decide whether or not you need it.


I’ve mentioned before the guided walkthroughs that MS have started publishing. These cover setup and troubleshooting of common scenarios, and are really useful for making sure that you’ve got everything covered and done in the right order – they’re handy for you, in that you know you’ve got everything right, and they’re handy for me because they generate all the right evidence. There are now a load of walkthroughs published for Exchange Online (sharing calendar and contacts, hybrid migration, Outlook connectivity), Lync Online (set up external comms, troubleshoot sign-in) and SharePoint Online (OneDrive setup). I thoroughly recommend you have a look, and more importantly, have a play.


Steve Griffin, author of one of the finest client troubleshooting tools, MFCMAPI, has written a nice little script for automatically attaching procdump to Outlook to generate memory dumps when it crashes. Interesting in that it automates something I have to do on occasion, but also because it doesn’t have to be outlook.exe…


Updated “top support” articles for Exchange 2010 and Exchange 2013.


Remember the days of starting up a telnet session and blatting out a few emails on the cmd line? Now we have to use PuTTY, but even that has its drawbacks. So say HELO to pelnet. That’s PowerShell Telneting, to you.


I have been quite vocal on the subject of item count in the past; well, here is an interesting article regarding that very topic – Some folders are not visible in Outlook Web App. It turns out the maximum number of folders in one mailbox that can be displayed in OWA is 10,000.


Tim McMichael has written a couple of good blog posts on cluster networks – what constitutes a “failure” and another brief one pointing to Elden Christensen’s post on tuning failover cluster network thresholds.


Exchange General:


Mark Wilson has sent us a link to all the MEC video content –


Earlier this year I passed on a link to a post about improvements in Exchange Online Protection; here’s the second part.


This is one of those things I’ve mentioned in the past and is due for a reminder – best practices for configuring delegates in Outlook 2010. If you have sniffy VIP users with sniffier PAs, then perhaps you need to read this article. Perhaps? Who am I kidding? There’s no perhaps. Read, mark, learn and inwardly digest.


There’s a new Exchange 2013 on Windows 2012 R2 base config test lab guide been published. If you have a good root around that site you can unearth some real gems. Once my Eternus comes…


The Exchange team blog has a pretty good and reasonably thorough explanation of Outlook and MAPI over HTTP here. This is, I am told, going to be the preferred method of connecting Outlook to Exchange, eventually, so we’d better get used to it. The product group would prefer it if we ditched the client altogether and all used OWA, mind.


A nice post here from Clint “K-Bomb” Boessen elaborating on real-time block lists and Exchange 2013.



Core General:

A little explanation of how much support you can expect if you decide to try NATing your domain controllers; basically “don’t do it”. This is an interesting philosophical question, and neatly illustrates the difference between design and operations. When I point out things like this, I quite often get designers asking me why it’s not supported and can, if I’m not careful, end up in a protracted discussion about the feasibility of doing this or that very clever technique. Operations tend to care less about why. The long and the short, from an operations point of view, is that MS have told us, in advance, that if we do this sort of thing they’ll not support it. The bottom line is it is an untested solution. MS haven’t tested it, so they don’t support it. If we test it and decide it’s a great solution, then MS will expect us to provide support for it. It probably won’t make a difference if that support is required at 2am. In short, when you’ve got a crocodile chewing your leg, it’s not the time to start wondering if it might not be an alligator.


Many years ago MS used to produce a tool called the Microsoft Premier Support Reporting Tool, which gathers a great bunch of logs and diagnostic tool output. A particularly popular version was called the PFE MPSRT, which not only gathered the stuff for the OS, but also Exchange, SQL and some other things that might be installed. This has been replaced for some while now by the Microsoft Support Diagnostic Tool, which, while being much better than MPSRT, is also much more focussed, with versions for Clustering, Name resolution and god knows what. The good news is they’ve released a PFE version, here. This should help us get a lot more info in the first pass. There have been a whole bunch of other new diagnostic tool packages released recently as well: PKI, MaxConcurrentAPI, Machine memory dump collector, and a package for VSS and backups.


So you’d like to know more about Azure, Hyper-V and stuff, but you just don’t know where to start? Fancy some certifications, but don’t have the time or money to go to a class? Try the early experts programme. You can’t win the Surface, unfortunately.


MSPress announce that there is an updated version of the Microsoft Script Browser available. What’s the script browser? A tool for browsing the script repository – a collection of PowerShell, VB etc. scripts that do useful things, hosted by Microsoft. Not necessarily written by them, mind. There’s also a useful tool that will help you clean up your code and suggest better alternatives…


You may find this short video on virtualising Office of interest – it’s a bit noddy, but there are some better links off the first page… The new Office: Managing Office in Virtualized Environments


Updated “top support” articles for Windows 2008 and Windows 2012 and 2012 R2.


Here is an Active Directory article that I found really interesting. How to use a snapshot to recover AD attributes. Now, before you go “oh nick, AD and snapshots?”, this is written by an MS PFE who is also an AD and PowerShell expert. It looks really neat-o. I’d not even think about doing this in your live environment until you’ve thoroughly tested it in your lab – not because I think there’s anything wrong with the method, but because I think you need to really understand it before putting it in live.


If you’re using the latest version of netmon, Message Analyser (or playing with it, like I am), then you really should be reading the MA blog. There have been a couple of good posts on there in the last month, one on filtering and a more general “tips and tricks” one. It looks great, so why am I still using Wireshark? Sigh.


Office 365:

Oh how we laughed at the RUS in 2003. What a pathetic excuse for a service. Turns out it had its uses after all – because it scavenged stale AD attributes, it meant 2003 objects were immune from this little problem – stale or invalid GAL entries prevent Exchange Online migration.


There’s lots of articles about how to migrate to Exchange Online. There’s a few on how to merge Exchange organisations while doing an Exchange Online migration. Until now, I’ve not seen anything on how to merge two different Exchange Online organisations.


Possibly of more interest to us, here’s a video on how to use multifactor authentication with Office 365.


Why trying to lock down access to Office 365 using IP addresses is a big pain in the neck. Office 365 content delivery networks explains why you shouldn’t do it this way. More detail on client connectivity here.


Self service password reset for users of Windows Azure Active Directory. Sounds cool. Here’s how to set it up and use it… and there’s more on WAAD premium here.


There’s a webcast introduction to the new diagnostic features in Office 365 here. That URL seems a little non-specific, so if you are coming to this in a few weeks’ time, and the URL takes you to a video that appears completely different to the one you expected, try this link instead.


Here’s a link to the announcement about encrypted storage for Office 365.


Rhoderick Milne has done a series of articles on enabling ADFS 2012 R2 for Office 365. Start here. He’s also done a nice “how-to” on enabling ADFS extranet account lockout protection.


It’s probably worth calling out the article on ADFS troubleshooting that he mentions. Not that anyone will need it – what could possibly go wrong with ADFS?


The UCGuy blog has done a series of helpful tips on Office 365 migrations which look interesting.



Updated “top support solutions for Lync 2013” article.


Garry Newsham has emailed in a link to the Lync (see what I did there?) conference slides –





Right, hopefully you’ve made it this far. If so, may I commend a couple of blogs to you? First of all my friend Justin Harris has a blog here called NT Excellence – talk about setting yourself up for a fall, and some of his stuff can be found on GeeksWithABlog as well, which he writes with another of my acquaintances, Larry Novak. Both blogs are pretty new, and could do with some encouragement…

