Category Archives: windows

My God, it’s full of RSTs…


I had a bit of a debate with a network engineer last week. We’d taken a trace from a load balancer to try and understand why outlook anywhere sessions were getting blocked and terminated randomly (short answer; port exhaustion because there were insufficient IP addresses in the NAT pool on the server facing side of the load balancer, but that’s not important right now). I pointed out the reset packets coming from the load balancer. He countered with “Well why are there so many resets coming from the CLIENT? EH? EH? yeah… you heard me…” etc etc. They do go on, network engineers. And he’s right. Outlook does pump out a bunch of RST packets. On purpose. Allow this trace to illustrate – this is me opening a colleague’s calendar in Outlook, and then closing it.

outlook session temrinating with RST

So why does it do that? First, we need to talk about how TCP sessions are *supposed* to be terminated. The machine that is done talking sends a FIN/ACK, and goes into the FIN_WAIT_1 state until it receives an ACK to it’s FIN/ACK, at which time it goes into FIN_WAIT_2. The receiving machine sends an ACK, goes to the CLOSE_WAIT state, and then sends it’s own FIN/ACK. It will stay in the CLOSE_WAIT state until the application sends a close(). The first machine ACKs that FIN/ACK, and goes into the TIME_WAIT state for about 4 minutes (according to RFC793). This is supposedly to wait for any stray packets, but it’s actually because they are lazy.


So it’s possible to have the socket open but useless for minutes – one side waiting for the application to notice the socket is ready to close, the other waiting for a period equal to twice the maximum segment lifetime to expire (this is all explained MUCH more clearly here:


This is wasteful, to say the least, so many applications choose not to use FIN/ACK, but to issue a RST/ACK instead, which has the huge benefit of closing the socket down on both sides immediately, with none of that messy waiting around. This allows server ports to get recycled much faster. On the downside, it grinds network engineers’ gears. (is that a downside? really?)

this is documented (although not explicitly for Outlook) here:

There’s a good Microsoft article on TCP states here:

and advice on what you can do if your application insists on sending FINs, and you’re suffering from port exhaustion (it’s for SQL server, but you can’t have everything, right?):


exchange,windows and the terrifying leap second.

This leap second thing…


We had one in 2012. and in 2008.

I may be wrong, but I don’t recall the world ending. I’d look out the window and check, but I’m in Stevenage, so that might not be as informative as I’d hope.

Clocks get moved about all the time in exchange; just have a look on virtualised systems for this event:






The system time has changed to ‎2015‎-‎01‎-‎19T14:31:54.447000000Z from ‎2015‎-‎01‎-‎19T14:31:51.850000000Z.

Look! That exchange server *went back in time* to 3 seconds before. It is Dr Who’s mail server. So long as it isn’t enough to break Kerberos, it’ll be fine. (1 second forward won’t break kerb.)

We’ve seen shifts of six and seven minutes on some of our customers, and that causes issues, especially in DAGs; just one of the reasons I really really hate virtualised exchange servers.

Anyway, here are some links on it:

What’s all this about the Leap Second, and how does it affect the Microsoft Windows OS and other products?

How the Windows Time service treats a leap second



Intersting things I have seen on the internet, October 14th

Afternoon. Lots of stuff in the last week-and-a-bit. Firstly, you may be interested to take part in the Global Knowledge IT Skills and Salary survey – if you take part then you’ll get the results mailed to you in March. Interesting stuff. Also please be aware that organisations running Exchange 2007 (like us) may be affected by this issue, causing meetings in Russian time zones to appear incorrectly after October 26. This will be fixed around the middle of November, or the 128th of Mitwoof if you’re in Russia. Anyway, on with it.


Exchange Design:

There’s a new version of the JetStress tool available.

How to integrate Exchange Online with Lync Online, Lync Server 2013, or a Lync Server 2013 hybrid deployment and How to integrate Exchange Server 2013 with Lync Server 2013, Lync Online, or a Lync Server 2013 hybrid deployment.

Need to move mailboxes from one office 365 tenant to another? You need the Microsoft Office 365 merger migration guide for Microsoft Exchange Online and Microsoft Lync Online. Yes you do.


Exchange Troubleshooting:

I get bored of saying it. Microsoft get bored of saying it. Now you can get bored of reading it (actually, it’s been around a while, but it’s just been updated and it’s worth reading) Fix Outlook connection problems by upgrading to the latest version

Exchange 2013 has a problem with lazy indices causing unexpected x-overs. This is discussed here – Those Pesky Lazy Indices. The article is remarkable for two reasons – firstly, it’s written by Mr McMichael, and secondly it refers to “failovers”. I thought that was verboten? It appears it’s 2013 CU5 that is mostly affected.

Damian Scoles has a really nice article on troubleshooting mailflow during migrations. Not just how to fix it, but actually how to troubleshoot it. Nice.

Outlook 2013 users who have installed the September 2014 Update may experience a certificate error when they open outlook. Microsoft are investigating this.

MRSProxyConfiguration settings are not honoured when they are configured. This will be fixed in CU7, they say.


Exchange General:

Tony Redmond discusses the implications for Exchange on-prem of Satya Nadella’s statement “Office 365 is the new Exchange and one will cannibalize the other. The key is to ensure that current Exchange customers can transition on their own terms.” Even if he’s right (and he usually is…), the opportunities for basing a career around Exchange are going to be limited, at the least. Still at least we’ll have exchange 16 to look forward to in the near future. It might be interesting to have a look at some of the stuff that might make it into the next version.

Paul Cunningham has a nice explanation of the 2013 Autoreseed feature on his blog.


Core General:

Probably the coolest article in this post: Introducing the Netlogon Parser (v1.0.1) for Message Analyzer 1.1. This is awesome. If you only click on one link, this one should be it. It really showcases the power of Message Analyzer. Paul E Long also has made a plea for MessageAnalyzer feedback. He’s particularly after feedback on performance issues. So, while it’s true, “It’s great, Paul!”  isn’t going to cut it.

There’s an interesting video on virtual networks within Azure on Channel 9. Also got some info on internal load balancing. Sounds like a recipe for calls, to me.

Lakshman Hariharan has a second post on Network Trace Analysis using message analyzer. I’m really keen on this tool (really? Who knew) I’m thinking of doing some online training on it if anyone is interested.

For those of you intending to do your MCSA 2012 R2, there’s an offer on the 70-412 ebook here. Offer expires next Sunday (19th).

Microsoft are really an open source company. Honest, guv. That link is worth looking at, however, for the link to Introduction to Programming with Python on the Microsoft virtual academy. Except I’ve just posted it, there. Oh well. It’s got a picture of a man holding a toaster too.


Office 365:

FREE EXCHANGE KEYS! FREE EXCHANGE KEYS! How to obtain an Exchange Hybrid Edition product key for your on-premises Exchange 2007 or Exchange 2003 organization

Office 365 and azure visio stencils from Keith Mayer. If Visio stencils do it for you, then here they are.

New Azure AD enhanced auditing and activity reports coming soon.

Another update to the “how to troubleshoot Azure Active Directory Sync tool installation and Configuration Wizard error messages”. I wish I could come up with snappy product names like that.

Turns out you might find outlook 2010 suddenly runs verrrry slowly with Office 365 – in which case install the August 2013 hotfix package. Note this is a hotfix package, not a rollup. Confusing.

Archive mailbox issues for a mailbox that’s migrated to or from Office 365

There’s going to be a lot of startled admins out there (step 2 of the solution) On-premises users aren’t getting email messages from Office 365 users in an Exchange hybrid deployment

Office 365: Outlook and mobile device connectivity troubleshooting resources

Another general troubleshooting article: Domain errors in the Office 365 portal. You need to expand the table, otherwise it looks like it’s just taunting you.

How to change the AD FS 2.0 service communications certificate after it expires. Useful information regarding certificate manipulation…

NEW! “The server cannot service this request” error when you use In-Place eDiscovery & Hold to search a large number of mailboxes “may be corrected in a future update!”

Troubleshooting Azure Multi-Factor Authentication issues

There’s been an update to the Office 365 mail flow troubleshooting index.

The latest “From Inside the Cloud” post deals with mail and transport encryption in Office 365.

Damian Scoles (again?) has posted a couple of troubleshooting articles on his “Just a UC guy” website. They’re a bit specialised, but I really like his writing style and his systematic approach, both to troubleshooting and documentation, so I’m going to link to them here. Have a look; you could learn a thing or two. Manager’s Team Calendars with Exchange / Office 365 Hybrid  and Free/Busy Hybrid Troubleshooting.



Jeff Schertz has written a long and detailed article on configuring QoS for Lync IP phones. Lots of pictures. Lots of links. I’m still out of my depth with it.


It’s October. That means it must be time for the September 2014 Cumulative Update 5.0.8308.813 for Lync Server 2013 (conferencing server). What does this fix? Nothing at all. A bit like the unified comms, apparently. The front end and edge updates, web components, core components and conferencing attendant updates all appear to actually do something. I’m sure I’ve mentioned in the past that each Microsoft update contains a handful of fixes to public intersting things that i have seen on the internet, october 14thproblems, and a lorryload of fixes to stuff that Microsoft don’t tell people about. They may all be downloaded here. This article contains a list of the most recent updates for Lync Server 2013. If you bookmark it, you can look at it regularly. Or use something like follow that page to tell you when it changes. Or, god forbid, Microsoft’s own RSS feed.


And finally…


Damn fine cherry pie.


Intersting things that i have seen on the internet, october 3rd

Right, this is hopefully a little more timely than the last one. Those of you sitting an MCP exam at a Pearson VUE testing centre may notice that the interface is slightly different. Hopefully this will help you feel good about your exam. Probably not as good as passing the thing, though.


Exchange Troubleshooting:

Short and sweet – how to check the autodiscover SRV record using NSLookup, from Rhoderick Milne

Having problems accessing automapped mailboxes in Exchange 2010 recently? Have a look at this article.

New! Exciting! An exchange 2013 CU6 bug design feature! Load balancer marks Exchange server as down in an Exchange Server 2013 Cumulative Update 6 environment.

Can’t create an Exchange 2013 public folder mailbox? “An existing Public Folder deployment has been detected” error when you try to create a public folder mailbox in Exchange Server 2013.


Exchange General:

Good news, bad news. Good news; my friend Justin Harris has earned a “2014 Microsoft Exchange Server MVP” Award. Thoroughly deserved! Congratulations Justin. He does an excellent podcast with Larry Novak, a great Exchange engineer at Microsoft.

Bad news; Microsoft layoff senior technical writers. I can’t see how this is possibly a good thing. The writers in question produce some of the most authoritative and in-depth articles on exchange available. Exchange 2010 has been really well documented, Exchange 2013 less so (where is all the performance monitoring stuff, for instance?) – it looks like 2015 will be barely detailed.


Core General:

Some interesting and useful information from the Defrag show on the latest and greatest Microsoft product; not Sway, not windows 10, but Minecraft. I can’t begin to tell you how excited my boys are that their father is now officially a minecraft support engineer. There’s also some stuff on Windows perfmon counters for HDDs, and yes, some stuff on windows 10. Who cares? “It looks like you’re building an underground labyrinth filled with zombies. Would you like help?”


Clippy has his own Realm, where his army of countless slaves build mile high idols in his image.

Also very exciting (if you support stuff) is Mark Russinovich discussing SysMon on the defrag tool show. Also his latest novel, Rogue Code.

Keith Mayer has advice on using Azure to look at the windows 10 technical preview here, if that’s what floats your boat.

The recommended hotfixes for 2008 R2 clusters article has been updated.


Office 365:

Free/busy lookups between Exchange Online and on-premises users stop working after you set up OAuth authentication. You’ll need (it says) to have a mix of Ex2k13 and Ex2k10 on prem, so hopefully it won’t be a problem, but it’s worth checking for if you see any issues with free/busy and OAuth.

The EHLO blog has an article on the new bulk email feature in Exchange Online Protection. If you’re at all interested in how Microsoft handles your spam, then you may enjoy the linked video – “How does Microsoft handle my spam?

I know there have been a few comments about the wealth of material available for the office 365 exams. Just when you think you can’t possibly fit any more in, along comes the official Microsoft Learning Study Group for MCSA : Office 365.

Once again, Microsoft would like to reassure us all that Office 365 does not mean that we will all lose our jobs. Ummm. More kool-aid here. Strangely, they never wrote a part 2.

How to enable a debug trace for the Microsoft Online Services Sign-in Assistant, but not how to analyze it. Sigh.

Troubleshoot single sign-on setup issues in Office 365, Windows Intune, or Azure.

Refreshed advice on Using WAN Optimization Controller devices with Office 365. That’s those riverbed steelhead things… Tricksy.

Mixing Office 2007 and Office 365 causes problems editing Office documents in OWA.

Troubleshooting Lync Online DNS configuration issues in Office 365.

Troubleshooting *more* sign-in issues in Office 365, Azure or Windows Intune.

A List of Attributes that are Synced by the Windows Azure Active Directory Sync Tool.



Having problems with Lync after migrating your users to office 365? Richard Brynteson explains how to force lync to autodiscover again.

Troubleshooting Lync Sign in issues. Not new, but good. Plus it was linked to in this excellent article that explains a bit about the troubleshooting process…


And finally, those crazy cats at MSL have another video for you. If you can bear it, see super sigma and psychomagician explain how online proctored exams work. What, girls? No hats?


That’s it for now. Keep an eye out for that creeper.

Intersting things i see on the internet, September 25th

< It’s customary to start these things with “well, it’s been a while…” and I don’t see any reason for this one to be different.  I’ve missed a few things, either due to being on leave (Spain. It rained. A LOT.) or extremely busy (thank you, three of our large accounts beginning with “H” – it’s nice to feel wanted) – so, you’ll already be aware of CU6 for 2013, and the associated problems with it (and another one…),as well as the main improvements in there.. You’ll be busy making plans to install Exchange 2010 sp3 RU7. Exchange 2007 sp3 RU14 is also out, but it’s only a DST update. You’ll be aware that windows 2003 goes out of support in 10 months, so you’ll be planning to upgrade to 2012 R2. Note, that’s R2. Everyone is at the very top of their game, and ready to face the challenges that the autumn will bring. Great. Super.


Exchange Design:

Azure AD Sync is available for download. This will greatly simplify office 365 co-existence, apparently. Steve Goodman has a download link for the deck he and Michael Van Hybrid presented from at the UC Birmingham Users Group, here. Microsoft have published a handy feature comparison with Dirsync and FIM as well. Here’s a really enthusiastic article on it.


Exchange Troubleshooting:

The litigation hold problem in exchange 2013 is explained from a MS viewpoint here. Bharat Suneja has apparently tweeted that the fix will be included in CU7, which should be due out the end of November.

Clint Boessen discovers a problem with exporting mailboxes from exchange 2007 with Outlook 2010. The fix is to uninstall a couple of updates to outlook 2010.

A recent update to Google Chrome breaks OWA in exchange 2013 and office 365.

There are some new guided walkthroughs for Exchange, Lync Sharepoint and Office365. These assist you in troubleshooting or common configuration tasks, extremely worthwhile.

Nuno Mota is halfway through his “email forensics” series on – two more parts to go.

Jeff Guillet has an article on extended message tracing in office 365.


Exchange General:

This article from Ross Smith will be timely for some of you, I know, in which he explains how to protect against rogue administrators.

A nice tip and explanation on how to set AdminSessionADSettings ViewEntireForest to “true” by default from Rhoderick Milne. If you slightly adapt the advice in Bharat’s post here, you’re laughing.

Damian Scoles has a script for examining mail quotas in exchange 2013. I daresay with a little hacking about it’ll work equally well for 2010. He’s promising to update it as well… he also has an interesting post on using powershell for reporting.

How to move domains and settings from one EOP organization to another, in the case of a merger or a divestment or what-have-you.

There’s a brief summary and wrap-up of Exchange Connections, plus here’s Tony Redmond’s new podcast (with Paul Robichaux). Well, it’ll be there soon.

Anderson Patricio has published another instalment of his series on managing mailbox features through corporate profiles.

Michael B Smith has published a script that automates getting CAS configs. Looks useful.


Core General:

How to share regedit favorites between machines. Really. I can think of only a few uses for this, but the explanation is so cool I wanted to share it.

IPv6 nonsense, continued. Basically, if you’ve followed Microsoft’s advice on how to disable IPv6 then there’s a five second delay on boot you can remove. (note that’s *how to* disable it, not *to* disable. The general advice is unchanged. Disabling IPv6 is unsupported. Don’t do it.)

Microsoft learning are introducing online proctoring for MCP exams in America. I daresay this will make its way to the UK eventually. More here.

Message analyser v1.1 has been released. This makes me happy. I like message analyser because, to quote my colleague Mr Christie, “this knocks wireshark out of the park for non-networkheads”. It truly does. Lots of resources for those who want to get started here.

Samuel Drey has a great post on building system monitor consoles in Excel for monitoring perfmon counters.


Office 365:

Dave Gregory has started an ADFS deep-dive series on the askPFE platforms blog. How good is it? I’ll let him speak for it himself:

the power of the SSO experience and the underlying technology is transformative” (obviously this time they’re all for the federation).

The Microsoft Federation Gateway has had a certificate updated, so you’ll need to update your federation trust metadata. Rhoderick Milne has the scoop on it.

An explanation of the office 365 onboarding benefit process. And here is the office 365 etc etc

Why isn’t office 365 spam proof? Eh?

Brad Anderson has an interesting blog called “in the cloud”. He’s just published a good article on secure e-mail with mobile devices. The pictures are rotten, though.

How would you like a teeny amount of control over office 365 updates. Go on… you would you would you would. Actually, “teeny” is probably overstating it.



An update to the “top support solutions for Lync 2013” article. And one for Lync 2010.

An interesting post from Jeff Schertz on different Lync modalities. I had to look up modalities to understand it.

Richard Brynteson has a quick tip on automating the sending of reports from the SQL reporting server. His post includes the line “Make sure that the SMTP Server is setup to accept anonymous relay as there are no authentication options available from this management interface.” Better not, though, eh? Try following the method here for configuring the receive connector as “externally secured” instead.

And, finally, the people who brought you the ummm… “interesting” super sigma and psychomagician video on Exchange 2013 exams (simply awful, according to Tony Redmond) have produced another fix for a problem you didn’t even know you had. That’s right, certified MCP t-shirts for your Xbox avatar.

They are certified MCPs

It’s the end times, isn’t it? Time to start stocking up on corned beef.


If you’ve made it this far, have 15% off an MCP exam. You deserve it.

Intersting things I have seen on the internet, July 14th

First off – interesting things from the word of TMG – TMG 2010 SP2 RU5 is now available. Gosh. I’d also like to shout about this exciting development; Clint Huffman, the excellent engineer who is responsible for the PAL has written a book. It’s a touching tale of an orphan boy who is befriended by hedgehogs in Edwardian-era Leeds  about  windows performance analysis, unsurprisingly, it’s published in October, and it’s available for pre-order right now. If it’s half the book it could be, it will replace “Moby dick” on the nightstand, for me. Daddy loves perfmon.


Exchange Design:

An interesting summary of the current “why the hell doesn’t Exchange support NFS?” debate from Michel de Rooij. He makes the point toward the end that just because something works, doesn’t mean it’s supportable. An example is Exchange on AWS – you’re welcome to try it but your exchange support comes from Amazon, not Microsoft. Tony Redmond’s post on it is likewise interesting – notice Devin Ganger’s comments at the bottom – read them in conjunction with his blog post last week about virtualization technologies not being ready for exchange yet and it’s no wonder so many exchange implementations get into trouble.


Exchange Troubleshooting:

In 2013, if you update the notes field of a contact via a mobile device, it winds up blank. Known issue. Not yet fixed.

Using logparser to see what is using EWS…

A quick powershell one-liner for deleting IIS logs… why do you want to delete iis logs? Because there’s farsands of ‘em.

Farsands of ’em.

If you’ve just migrated a user from exchange 2003, you might not be able to open outlook if they have invalid characters in their legacyExchangeDN attribute.

“the Microsoft exchange administrator has made a change…” prompt cont’d – incorrectly decommissioning public folders can trigger it.


Exchange General:

Message recall. It’s garbage, basically, isn’t it? here are some suggestions for ways to make it less smelly.

A picture is worth a thousand words so here’s a cracking little script to display mailbox growth graphically. I prefer a pie chart personally. A pie would be even better.

Always handy to know; how to install the latest applicable updates for Microsoft outlook. It now covers how to use OffCAT to help you, as well. That’s right, no more hunting through binary versions – OffCAT will tell you which updates you need.

Damian Scoles, Exchange MVP and Unified  Comms guru is building a new lab. I now have lab envy. I’m running a 64GB ESXi 5.5 hypervisor on a fujitsu rx200 s6 with 6TB of iSCSI SAN and it’s clearly too damn small. Sigh.

Tony Redmond discusses the parlous state of Exchange Search, here. And that’s in office 365. It’s worse when you have to try and keep the services running yourself… 😀


Core General:

If Kerberos authentication is required, then a forest trust is necessary. I don’t care what it says on technet.

Elden Christensen has some interesting thoughts on sizing windows 2012 clusters. He also has an idiosyncratic way of spelling “chassis”.

Troubleshooting certificate errors with message analyzer – this is way cool even if they’re using a beta version…

Discussion of a useful tool for configuring ACLs

Gary Siepser explains why | fl  and | fl * return different result sets in powershell.


Office 365:

What’s new for June 2014, according to the office blog. Mostly Lync it seems.

Tony Redmond’s thoughts on Wave 16… probably a must-read for everybody…

A handy video summary of the new features of office 365 enterprise. “Enjoy your office instantly – wherever you go”. Sounds more like a threat to me.

The current top issues for outlook with office 365 – good idea to look here before wondering why things don’t work…

IDFix and the new fast-track onboarding process explained on channel 9.



If you’re new to lync, or contemplating the exams, as I am (in the same way as I’m contemplating my own mortality, with a sense of hopeful procrastination), then you may find the legendary techy’s new lync lab series of interest. If that all looks too manual for you and  you have access to a meaty windows 2012 box with hyper-V installed then you may prefer the lynclabonline script.

There have been some changes recently to the Lync Validator – it’s now hosted on Azure, for a start… What’s Lync Validator? Rob Brynteson’s online Lync 2013 design validation tool. Why not go and have a look at it over at


And finally…


It’s cleaner than water, it’s cheaper than porter, it’s GIN.


Whatever Happened to This Likely Lad?

So in August 2013 Jeff Dailey, the Director of Diagnostics at Microsoft Support was talking about Microsoft Fix-It Center Pro on Channel 9. He was really excited about it too, and who can blame him? It was really exciting stuff. Three months later, it was dead. I don’t know why. Like white dog poo, it’s a mystery. However, the automated diag packages remain, and are still being added to.

What’s the point?

If you’ve never used them, you’re really missing out. You may recall the old MPS report of some time ago, which gathered a huge amount of evidence from a machine and then just dumped it into a cab file. This was great, if you knew what to do with the data, but otherwise it was just 40MB of confusion. Some of it was obviously useful, like the event logs and cluster logs, some of it less so – do I care about symbols? No, not really. I’m shallow like that. There was the MPS report parser tool for the early implementations, which basically trawled through all the text files looking for the word “FAIL”, then later the MPS Report Viewer or you could use the old manual method.  But by and large, to get anything useful out of them, you had to have a pretty good idea what you were doing. Not any more. No longer do you have to know the meaning of:

00001df3.000016bd::2012/10/07-10:40:20.271 INFO  [GUM] Node 3: Processing GrantLock to 3 (sent by 2 gumid: 1249)


I exaggerate. Probably best if you know a little. These tools will sit on your poorly machine, run for a few minutes (maybe half an hour) and then tell you in short clear phrases *what is wrong*. Mostly. And if they don’t, hell , you’ve got all the evidence collected.


How to use them properly.

Go to the Support Diagnostics Website. It still retains the ghost of fix-it center pro in the title “ficp”. You will need to log in with your live id (a Hotmail account in other words).

Select the relevant package from the large number available – I lost count at fifty. I’m rather fond of the “Exchange Server 2007 and Exchange Server 2010 Diagnostic” but I’ll use the Windows performance Diagnostic for this post. Click on the diagnostic tool and give it a name.


You’ll need to download it and follow the instructions:


You may see references to “Microsoft Automated Troubleshooting Services” and “Microsoft Fix-it”. You’ll probably want to be an administrator to run it as well.1-4

Follow the steps as requested by the tool. It will ask if you want to install on the local machine or another machine, in which case it will create a portable diagnostic utility – more of this later. After a couple of minutes it will suggest you run a diagnostic tool to collect information from your computer. Do so. You can then wait up to an hour for the utility to do it’s thang.


Once it has finished, you’ll get the chance to check through the files it has collected and if necessary stop them being uploaded to Microsoft.1-5

Once you click “next” it will compress the files, and then give you a chance to save a copy of the cab file before uploading it to Microsoft.1-6

Click “send”, and then sit back and wait.1-7

If you go back to the Support Diagnostics page and click on the “recent sessions” tab, after a while (five minutes or so) you will see your upload has been received:1-8

But not yet analysed. This takes a couple of hours, usually, but keep checking back, and you’ll eventually see “completed”1-9

Click on the link, and see what the problem was:2-1

If you’re stuck, it gives you the option to “Get Assisted Support”. This will possibly (probably?) cost you money.

If you open the cab file you saved earlier (you did save it, didn’t you?) then you will see a whole heap of files. Some of them are clearly recognisable, some of them less so. The file you are after is called “resultReport.xml” – open this up in Internet Explorer, and bask in its troubleshooting goodness.2-2

Look at the things that is checking for! Networked PST files. Dodgy versions of SEP (SEP 1-SEP n, basically). Fantastic.

Click on the links for the issues that were found:2-3


And better yet, here’s where you get to make sense of the files it collected. Scroll down and expand detection details2-4

And then below that, there are links to all the evidence files you gathered:


But if you want, you don’t need to upload them:

Go to

Open link for the directed report generator

Click run

“save this file”

“click run”

Accept agreement

Select “a different computer” and tick “this machine has powershell in it”, if applicable.

Read the instructions and follow steps 1-3. Do not follow step four yet.2-6

Save the tool to a local disk on the machine to be investigated, and run it (preferably as an administrator).


Accept the license agreement, and the following screen will appear briefly, and then disappear. Nothing will happen for 15 seconds or so.2-8

You will then be asked to run the tool:2-9

Click start. The tool will take about 10-15 minutes to run, in some instances.3-1

When it finishes, you’ll see the following:3-2

Click next, and select a location to save the file. This can be a network drive.3-3

When it finishes creating the cab file you will see the following screen:


Click “close” and browse to the location you saved the evidence. Extract the cab file and enjoy resultreport.xml. I know I will.

I hope this is useful to you. I love these tools, and think they’re much ignored, outside of Microsoft, anyway…


Interesting things that i see on the internet, 30th May.


Ever wanted to know more about 3d printing? Course you have. How about two and a half hours of video on it, then? Channel 9 have done a video series overview that covers the hardware, software, use of kinect as a scanner and lots more on this that I will definitely watch once I have time – I’m planning on breaking a leg later this year, which will be an ideal opportunity.


Also, you may find something of interest in this post regarding self-training  from Ed Baker. It’s no surprise he works for Microsoft… however there is a new gamification attempt over at the MVA – wanna be a superhero? Thought not.


Exchange Design:

How to create a group policy that will add your ADFS servers to the local intranet group for users, facilitating single sign on.

Really, you’re not as clever as you think you are. Why you should avoid manual server hardening.


Exchange Troubleshooting:

Andrew S Higginbotham is one of the best exchange support guys around. His blog is always worth a read, and his latest post is no exception – basically, the customer had a little bit of a problem, and in trying to fix it, they created a bloody great massive one. When you’re in a hole, stop digging.

My friend Justin Harris has written two great posts on his blog, discussing ways of troubleshooting two common problems in Exchange 2013; using get-servercomponentstate when  services are stopped unexpectedly, and how to use pipeline tracing when transport agents are shot. Justin passed his MCM qual lab first time, and is therefore officially “insanely clever”.


Recent knowledgebase articles:

If you used the hybrid configuration wizard with exchange 2010, and then upgraded to 2013, you may be struck by this: “‎Subtask Configure execution failed” error when you run the Hybrid Configuration Wizard in Exchange 2013 after an upgrade from Exchange 2010

Don’t set the receive connector on your multirole exchange 2013 box to “hub transport” – it’ll break when you upgrade to SP1: The front-end Microsoft Exchange Transport service stops and does not restart after you upgrade to Exchange Server 2013 SP1

I’ve not called out the kb articles associated with sp3 ru6 or 2013 cu5 – have a look at the articles below for links. I’ll make an exception for “Store.exe crashes if you create a deeply nested subfolder in Outlook” though. we recently had exactly this problem with Exchange 2007 sp3 ru13 – as there are no more rollups coming out for 2007 by the look of it, then those of you on that product will remain vulnerable. I’m going to do a proper article on how to diagnose it and fix it in the very near future, honest.


Exchange General:

Exchange 2013 CU5 and Exchange 2010 SP3 RU6 have been released this week. As well as the EHLO blog posts, it’s probably worth casting an eye over Rhoderick Milne’s assessment of them; CU5 and RU6. Are you going to rush off and install them? I’d leave it a week or so and see who moans about what. So far this is the only thing I’ve seen for 2013 (Exchange Shared Cache Service restarts frequently in Exchange Server 2013 Cumulative Update 5), but I’d give it a few days more yet…

There is a always a huge amount of confusion over shared folders, especially calendars. Sam Drey answers the question “Is the calendar connection opened “on access” or is the connection made everytime the user opens Outlook?”

So you want secure remote powershell – why you don’t do it by just setting it on the powershell virtual directory (you break powershell ,and then you can’t use powershell to fix it)


Core General:

I found a link to a Mark Russinovich video on Channel 9, the microsoft “tv station”, which was great for three reasons – first, it’s Mark Russinovich (may his tribe increase), second it had links to a whole lot more of his stuff from this year’s Tech Ed, and thirdly it led me on to two links for stuff I’d not really bothered looking at before; the Defrag Show, a 25 minute troubleshooting show which has some great tips and tricks, and, even more excitingly, the Defrag Tools show, which is an irregular yet frequent deep dive into the troubleshooting tools used on the Defrag Show… this stuff is great – an hour on performance counters? You bet. Walkthroughs of analysing crashes and hangs, message analyzer, systinternals tools. This is essential stuff.

Also on channel 9 is this great link which has all the exam prep videos from TechEd – 75 minute presentations on common exams – including Exchange, Windows, Lync… you’re all doing exams, all the time, so I daresay this will be of some use…

They’re more alike than you might think – Andrew S Higginbotham uses ESEUTIL to fix an AD problem.

It’s the end-times, I tell ya. Powershell DSC. For linux.

A reminder that Microsoft release security updates as DVD ISO images – that’s handy for those of us with labs that are isolated from the internet.

A great article from Tom Moser on the AskPFE blog on how DCs are located across forest trusts. This is part two – part one was a year ago, and is here. This is the real stuff, and will give you a lovely warm glow when you’ve read it. for the third or fourth time, in my case.

Some new knowledgebase articles have been published:

You hopefully aren’t using iSCSI, but if you are, here’s another thing that doesn’t work very well: List of iSCSI targets may be truncated or missing

I know we’ve got some customers who do this sort of thing: You cannot create more than four SMTP virtual servers in Windows Server 2008 R2


Office 365:

Learn more about Support issues with Office 365 Message Encryption (OME), an easy-to-use service.

This might be a bit noddy for you all, but maybe not: Simplifying the Office 365 admin experience

The official Microsoft “security in Office 365” white paper was updated recently. I don’t know what the changes were, though. you might want to have a look.

Tony Redmond has written an interesting piece explaining how changes are introduced in Office 365.



Software defined networking for lync and unified comms. It’s coming someday, or maybe.

Jeff Schertz has written another blog post in his series on H.264 Scalable Video Coding  implementation in Lync 2013. See all of them here.


And finally,


Ever wondered how they laid transatlantic cables in the 50’s? well, wonder no longer. AT&T have released some video from their archives. It’s more interesting than I’ve made it sound.


Interesting things that i see on the internet, 19th May

I know, so soon? These things are always too long, so I’m going to try and get them out more frequently, so people don’t give up after the first four items.

I also wanted to share with you an interesting post on being a career hermit crab. In among all the good advice Ashley has for those who are both technically able and hate chasing other people for their timesheets there are two things that really stand out for me:

  1. Learn to code
  2. Learn powershell DSC

If you’ve not considered the former, and you’ve never heard of the latter, you might want to explore the possibilities.

Anyway, on to the meat. This is what you come here for, right?


Exchange Design:

what BDMs and architects need to know about Exchange Online and Exchange Server deployments”. In a poster. I assume that’s not *everything* architects need to know. Good work Microsoft, on reinforcing stereotypes… 😀

Paul Robichaux has written a post about running Exchange on Azure, and why it is a bad thing.


Exchange Troubleshooting:

A 1 hour webcast on troubleshooting activesync. It’s due on May 20th, but will be available for download shortly after, if you can’t make it.


Exchange General:

Ross Smith IV has published an article on the upcoming changes in OAB that we can expect in Ex2013 CU5. When’s CU5 out, btw, nick? No official date yet, but I’d put money on May 27th at the earliest. Will there be an exchange 2010 ru? I hope so…

Michel de Rooij, UC architect and MVP, has a slide deck here on the things he found interesting and useful at MEC.

Steve Goodman (another UC architect and MVP) has written a good explanation on his blog about why it’s not worth spending a ton of money on storage.  He’s also posted the slides from the recent Office 365 UK Midlands User group meeting if you’re interested.


Core General:

There have been a whole load of hotfixes published just recently for windows 2008 and 2012. Some highlights include the ability to use a range of ports for the udp comms in a failover cluster, instead of just port 3343, long certificate authority hostnames, A memory leak in Network Store Interface Service, a web client service cookie fix, XML errors due to Audit Event 4661, an interesting CRL related hotfix that requires careful thinking about before applying, NetLogon 3210 events, stop 50 errors in remote desktop sessions, yet another fix for multiple authentication prompt problems, iSCSI stress testing causes your computer to give up, new HBAs cause windows 2008r2 to crash, system state backups fail, Pass the Hash vulnerability, group policy preferences allow elevated privilege attack, MS14-027: Vulnerability in Windows shell handler could allow elevation of privilege, retrieval of paged results is interrupted when an LDAP server receives queries that generate many results and finally  Vulnerabilities in iSCSI could allow denial of service. Phew.

A marvellous article on cleaning up the winSxS directory by charity Shelburne on the AskPFE blog. I’m sure I’m not the only one who has computer semiliterate friends and relatives who ask “why can’t I just delete it? it’s got 7 drokking gig!”

Channel 9 are far quicker at getting the teched videos up than they were with lync or mec. Sigh. </poor relations>. Here’s the keynote, one on cloud for it professionals featuring a man in a hat, indoors, (!) and an actually decent one on powershell with Don Jones. I’ve not watched the keynote, as it’s two hours long.


Office 365:

A windows hotfix to address an apparent office 365 problem; Outlook may take two to three minutes to connect to an Office 365 mailbox.

This article has big pictures and friendly colours. I find this helpful. Choosing a sign-in model for Office 365. has just started a three part series on multifactor authN for Office 365. This is part 1. Parts two and three over the next couple of weeks, I expect.

Tony Redmond has a nice oped piece comparing gmail and office 365, here. Lots of good links in there, too.

Interesting things that i see on the internet, may 2014.

So, a lot has happened since my last post. Exchange 2003 has ceased to exist, utterly. If you think you have 2003 installed, you’re wrong. There is no such thing, so don’t ring me up about it. outlook 2003 has suffered the same fate.


Exchange 2010 sp2 has likewise stopped existing. If you’re not on SP3 then all I can see is a grey blur where your server is supposed to be. Outlook 2010 sp1 will suffer a similar fate in October – are you ready?



Exchange Design:

Many of you have been asking “what’s the replacement for TMG?” – I’ve already told you it’s WAP (in fact, I think I might of said IRR, and one of Mark Wilson’s team corrected me… :D). so, how do you use WAP? I was going to write a cheat sheet on it when my eternus arrived and I built my new lab (current ETA – 12th of never). Luckily the AskPFE blog has written it for me. Secure Extranet Publication of Exchange 2010 OWA via Server 2012 R2 Web Application Proxy. So there you go.


Rhoderick Milne has done a deep zoom of the Exchange 2013 SP1 architecture poster, so you can look at it on your phone. If you cache it, you can look at it while you’re on the tube. So much nicer than reading the adverts.


Ross Smith IV has written an article introducing the preferred architecture for exchange 2013. This is a bit of a departure for the product group, In the past they’ve left us to figure out what they meant. It’s pretty close to the office 365 architecture, apparently, so don’t expect it to change much over time (unlike the recommendations for exchange 2010).


Jeff Mealiffe has published a short update to Exchange 2013 sizing requirements for SP1. There’s also an updated edition of the Exchange Deployment assistant out.


Tony Redmond discusses recent changes in best practice that were talked about at MEC 2014.


Paul Robichaux has a couple of nice posts, one on the increasing usefulness of lagged copies in exchange 2013, and one around multifactor authentication for outlook.



Exchange Troubleshooting:

There has been a recent update to the “current issues with ActiveSync” kb article. It’s worth making a habit of checking this article – device software updates pretty rapidly, and this the first place confirmed problems get listed.


The “troubleshooting longrunning MAPI connections through load balancers” article has also had a recent update, although it still seems not to include scott schnoll’s suggested best practice from 2012. If you can’t be bothered digging through  an hour long two year old presentation, Jeff Guillet has helpfully abstracted and interpreted it here. It says “set it to 120 minutes”. Scott says “set it to 120 seconds”. For absolute clarity – the value that we’re talking about is “HKLM\Software\Policies\Microsoft\Windows NT\RPC\MinimumConnectionTimeout” yes, I know in the past I have told people not to fiddle with this setting. The advice was correct at the time ;-). In the meantime, I’d follow Scott’s advice. He’s rarely wrong.


For those of you running three node DAGS on windows 2008 r2 here is a reminder about an important hotfix for a known error in cluster comms that can cause perfectly good nodes to lose quorum when there is a comms issue. If you haven’t got this installed you might want to ask yourselves “why?”. Waiting until you’ve got a cluster down is probably a bad time to decide whether or not you need it.


I’ve mentioned before the guided walkthroughs that MS have started publishing. These cover setup and troubleshooting of common scenarios, and are really useful for making sure that you’ve got everything covered and done in the right order – they’re handy for you, in that you know you’ve got everything right, and they’re handy for me because they generate all the right evidence. There are now a load of walkthroughs published for Exchange Online (sharing calendar and contacts, hybrid migration, outlook connectivity), Lync Online (set up external comms, troubleshoot sign-in) and Sharepoint Online (onedrive setup). I thoroughly recommend you have a look, and more importantly, have a play.


Steve Griffin, author of one of the finest client troubleshooting tools, MFCMapi, has written a nice little script for automatically attaching procdump to outlook to generate memory dumps when it crashes. Interesting in that it automates something I have to do on occasion, but also because it doesn’t have to be outlook.exe…


Updated “top support” articles for Exchange 2010 and Exchange 2013.


Remember the days of starting up a telnet session and blatting out a few emails on the cmd line? Now we have to use PuTTY, but even that has its drawbacks. So say HELO to pelnet. That’s Powershell Telneting, to you.


I have been quite vocal on the subject of item count in the past; well here is an interesting article regarding that very topic – Some folders are not visible in outlook web app. It turn out, the maximum number of folders in one mailbox that can be displayed in OWA is 10,000.


Tim McMichael has written a couple of good blog posts on cluster networks – what constitutes a “failure” and another brief one pointing to Elden Christensen’s post on tuning failover cluster network thresholds.


Exchange General:


Mark Wilson has sent us a link to all the MEC video content –


Earlier this year I passed on a link to a post about improvements in Exchange Online Protectionhere’s the second part.


This is one of those things I’ve mentioned in the past and is due for a reminder – best practices for configuring delegates in outlook 2010. If you have sniffy vip users with sniffier PAs, then perhaps you need to read this article. Perhaps? Who am I kidding? There’s no perhaps. Read, mark, learn and inwardly digest.


There’s a new Exchange 2013 on Windows 2012 r2 base config test lab guide been published. If you have a good root around that site you can unearth some real gems. Once my eternus comes…


The exchange team blog has a pretty good and reasonably thorough explanation of outlook and MAPI over HTTP here. This is, I am told, going to be the preferred method of connecting outlook to exchange, eventually, so we’d better get used to it. The product group would prefer it if we ditched the client altogether and all used OWA, mind.


A nice post here from Clint “K-Bomb” Boessen elaborating on real time block lists and exchange 2013.



Core General:

A little explanation of how much support you can expect if you decide to try NATing your domain controllers; basically “don’t do it”. this is an interesting philosophical question, and neatly illustrates the difference between design and operations. When I point out things like this, I quite often get designers asking me why it’s not supported and can, if I’m not careful, en up in a protracted discussion about the feasibility of doing this or that very clever technique. Operations tend to care less about why. The long and the short, from an operations point of view, is that MS have told us, in advance, that if we do this sort of thing they’ll not support it. the bottom line is it is an untested solution. MS haven’t tested it, so they don’t support it. if we test it an decide it’s a great solution, then MS will expect us to provide support for it. it probably won’t make a difference if that support is required at 2am. in short, when you’ve got a crocodile chewing your leg, it’s not the time to start wondering if it might not be an alligator.


Many years ago MS used to produce a tool called the Microsoft Premier Support Reporting Tool, which gathers a great bunch of logs and diagnostic tool output. A particularly popular version was called the PFE MPSRT, which not only gathered the stuff for the OS, but also exchange sql and some other things that might be installed This has been replaced for some while now by the Microsoft Support Diagnostic Tool, which while being much better than MPSRT, is also much more focussed, with versions for Clustering, Name resolution and god knows what. The good news is they’ve released a PFE version, here. This should help us get a lot more info in the first pass. There have been a whole bunch of other new diagnostic tool packages released recently as well: PKI, MaxConcurrentAPI, Machine memory dump collector, and a package for VSS and backups.


So you’d like to know more about azure, hyper-v and stuff, but you just don’t know where to start? Fancy some certifications, but don’t have the time or money to go to a class? Try the early experts programme. You can’t win the surface, unfortunately.


MSPress announce that there is an updated version of the Microsoft Script Browser available –View article… what’s the script browser? A tool for browsing the script repository  –  a collection of powershell, vb etc scripts that do useful things, hosted by Microsoft. Not necessarily written by them, mind. There’s al so a useful tool that will help you clean up your code and suggest better alternatives…


You may find this short video on virtualising office of interest – it’s a bit noddy, but there are some better links off the first page… The new Office: Managing Office in Virtualized Environments


Updated “top support” articles for windows 2008 and  windows 2012 and 2012 r2.


Here is an active directory article that I found really interesting. How to use a snapshot to recover AD attributes. Now, before you go “oh nick, AD and snapshots?”, this is written by a MS PFE who is also an AD and powershell expert. It looks really neat-o. I’d not even think about doing this in your live environment until you’ve thoroughly tested it in your lab – not because I think there’s anything wrong with the method, but because I think you need to really understand it before putting it in live.


If you’re using the latest version of netmon,  Message Analyser(or playing with it, like I am), then you really should be reading the MA blog. There’s been a couple of good posts on there in the last month, one on filtering and a more general “tips and tricks” one. It looks great, so why am I still using wireshark? Sigh.


Office 365:

Oh how we laughed at the RUS in 2003. What a pathetic excuse for a service. Turns out it had its uses after all – because it scavenged stale AD attributes, it meant 2003 objects were immune from this little problem – stale or invalid GAL entries prevent Exchange Online migration.


There’s lots of articles about how to migrate to exchange online. There’s a few on how to merge exchange organisations while doing a exchange online migration. Until now, I’ve not seen anything on how to merge two different exchange online organisations.


Possibly of more interest to us, here’s a video on how to use multifactor authentication with Office 365.


Why trying to lock down access to office 365 using IP addresses is a big pain in the neck. Office 365 content delivery networks explains why you shouldn’t do it this way. More detail on client connectivity here.


Self service password reset for users of Windows Azure Active Directory. Sounds cool. Here’s how to set it up and use it… and there’s more on WAAD premium here.


There’s a webcast introduction to the new diagnostic features in office 365 here. That url seems a little non-specific, so if you are coming to this in a few weeks time, and the url takes you to a video that appears completely different to the one you expected, try this link instead.


Here’s a link to the announcement about encrypted storage for office365.


Rhoderick Milne has a done a series of articles on enabling ADFS 2012 r2 for Office 365. Start here. He’s also done a nice “how-to” on enabling ADFS extranet account lockout protection.


It’s probably worth calling out the article on ADFS troubleshooting that he mentions. Not that anyone will need it – what could possibly go wrong with ADFS?


The UCGuy blog has done a series of helpful tips on office 365 migrations which look interesting.



Updated “top support solutions for Lync 2013” article.


Garry Newsham has emailed in a link to the Lync  (see what I did there?) conference slides –





Right, hopefully you’ve made it this far. If so, may I commend a couple of blogs to you? First of all my friend Justin Harris has a blog here called NT Excellence – talk about setting yourself up for a fall, and some of his stuff can be found on GeeksWithABlog as well, which he writes with another of my acquaintances, Larry Novak. Both blogs are pretty new, and could do with some encouragement…