Tag Archives: windows 2008

Interesting things that i see on the internet, 19th May

I know, so soon? These things are always too long, so I’m going to try and get them out more frequently, so people don’t give up after the first four items.

I also wanted to share with you an interesting post on being a career hermit crab. In among all the good advice Ashley has for those who are both technically able and hate chasing other people for their timesheets there are two things that really stand out for me:

  1. Learn to code
  2. Learn powershell DSC

If you’ve not considered the former, and you’ve never heard of the latter, you might want to explore the possibilities.

Anyway, on to the meat. This is what you come here for, right?


Exchange Design:

what BDMs and architects need to know about Exchange Online and Exchange Server deployments”. In a poster. I assume that’s not *everything* architects need to know. Good work Microsoft, on reinforcing stereotypes… 😀

Paul Robichaux has written a post about running Exchange on Azure, and why it is a bad thing.


Exchange Troubleshooting:

A 1 hour webcast on troubleshooting activesync. It’s due on May 20th, but will be available for download shortly after, if you can’t make it.


Exchange General:

Ross Smith IV has published an article on the upcoming changes in OAB that we can expect in Ex2013 CU5. When’s CU5 out, btw, nick? No official date yet, but I’d put money on May 27th at the earliest. Will there be an exchange 2010 ru? I hope so…

Michel de Rooij, UC architect and MVP, has a slide deck here on the things he found interesting and useful at MEC.

Steve Goodman (another UC architect and MVP) has written a good explanation on his blog about why it’s not worth spending a ton of money on storage.  He’s also posted the slides from the recent Office 365 UK Midlands User group meeting if you’re interested.


Core General:

There have been a whole load of hotfixes published just recently for windows 2008 and 2012. Some highlights include the ability to use a range of ports for the udp comms in a failover cluster, instead of just port 3343, long certificate authority hostnames, A memory leak in Network Store Interface Service, a web client service cookie fix, XML errors due to Audit Event 4661, an interesting CRL related hotfix that requires careful thinking about before applying, NetLogon 3210 events, stop 50 errors in remote desktop sessions, yet another fix for multiple authentication prompt problems, iSCSI stress testing causes your computer to give up, new HBAs cause windows 2008r2 to crash, system state backups fail, Pass the Hash vulnerability, group policy preferences allow elevated privilege attack, MS14-027: Vulnerability in Windows shell handler could allow elevation of privilege, retrieval of paged results is interrupted when an LDAP server receives queries that generate many results and finally  Vulnerabilities in iSCSI could allow denial of service. Phew.

A marvellous article on cleaning up the winSxS directory by charity Shelburne on the AskPFE blog. I’m sure I’m not the only one who has computer semiliterate friends and relatives who ask “why can’t I just delete it? it’s got 7 drokking gig!”

Channel 9 are far quicker at getting the teched videos up than they were with lync or mec. Sigh. </poor relations>. Here’s the keynote, one on cloud for it professionals featuring a man in a hat, indoors, (!) and an actually decent one on powershell with Don Jones. I’ve not watched the keynote, as it’s two hours long.


Office 365:

A windows hotfix to address an apparent office 365 problem; Outlook may take two to three minutes to connect to an Office 365 mailbox.

This article has big pictures and friendly colours. I find this helpful. Choosing a sign-in model for Office 365.

MSExchange.org has just started a three part series on multifactor authN for Office 365. This is part 1. Parts two and three over the next couple of weeks, I expect.

Tony Redmond has a nice oped piece comparing gmail and office 365, here. Lots of good links in there, too.

Danger, Will Robinson!

SP3 for 2010 has been announced this morning (well, last night, but…), ships early next year, and appears to mostly be about getting exchange 2010 to sit on windows 2012. yay. now i can pretend i’m running my exchange server on a phone. It also includes a load of stuff to get 2010 to work with Exchange 2013.  The big flashing warning light is that this will require a schema update, and therefore is not something to just be stumbled into.

Now, I’ve never seen a schema upgrade go wrong, but the possible fallout might be catastrophic, so be prepared.

here’s some good information, that may well go against what you previously thought you need to do:

that’s right – DON’T isolate your schema master; make sure you’re in a good place with regard to backups, though.

Enhanced by Zemanta

At what point can I blame the storage?

I quite often find myself wishing a problem would go away. I get desperate to hand off the whole thing to, say, a SAN engineer and be done with it. At what point then is it possible, when troubleshooting poor storage latency,  to do this?

Say i’m looking at some pretty shoddy secs/write on a LUN. I can say to the storage guy “i don’t like your storage”. He then tells me that the secs/transaction he sees are fine. Is there any way to get just a little bit more info out of the box to narrow down the problem (or slope my shoulders just a little bit more?)?

yes there is.


As far as i can make out, if you follow that article you can get a measure of how long it takes the storport driver to get a response from EVERYTHING ELSE. So, if you’re seeing 50ms/read in the perfmon, but it never goes above 30ms to service a request, you might want to make sure you’ve got the latest version of storport on your system. Conversely if (like me) you’re seeing 500ms request times in storport, you get together with Mr Storage and go yell at the network elves.

Automating collection of performance monitor counters for Exchange, on windows 2008.


It is frequently necessary to collect performance counters to troubleshoot problems on servers. Unfortunately, quite often the condition we are trying to troubleshoot is transient, and by the time an administrator is alerted to the problem it has already passed. This document describes a method to set up automated performance monitoring that can be triggered by a particular performance condition being met.

It involves setting up a performance alert to write an event to the application log, and then using the latest version of task scheduler to start a batch job based upon the appearance of that event.

This article applies to Windows 2008 and 2008 R2, and Exchange 2007 and 2010.


Part 1. Setting an alert condition

First, set up alert condition by following http://technet.microsoft.com/en-us/library/cc722414.aspx

To create a Data Collector Set to monitor Performance counters

  1. To open Windows Performance Monitor, click Start, click in the Start Search box, type perfmon, and then press ENTER.
  2. In the Windows Performance Monitor navigation pane, expand Data Collector Sets, right-click User Defined, point to New, and click Data Collector Set. The Create new Data Collector Set Wizard starts.
  3. Enter a name for your Data Collector Set.
  4. Select the Create manually option and click Next.
  5. Select the Performance Counter Alert option and click Next.
  6. Click Add to open the Add Counters dialog box. When you are finished adding counters, click OK to return to the wizard.
  7. Define alerts based on the values of performance counters you have selected.
    1. From the list of Performance counters, select the counter to monitor and trigger an alert.
    2. From the Alert when drop-down, choose whether to alert when the performance counter value is above or below the limit.
    3. In the Limit box, enter the threshold value. Eg, if you want to gather performance data when cpu utilisation is greater than 95%, enter “95”
  8. When you are finished defining alerts, click Next to continue configuration.
  9. After clicking Next, you can configure the Data Collector Set to run as a particular user. Click the Change button to enter the user name and password for a different user than the default listed.
  • If you are a member of the Performance Log Users group, you must configure Data Collector Sets you create to run under your own credentials. Data Collector Sets run as the System user by default. As a security best practice, you should accept this default value unless you have a compelling reason to change it.
  1. Click Finish to return to Windows Performance Monitor.
  • To view the properties of the Data Collector Set or make additional changes, select Open properties for this data collector set. For more information about the properties of the Data Collector Set, see Data Collector Set Properties.
  • To start the Data Collector Set immediately (and begin saving data to the location specified in Step 8), select Start this data collector set now.
  • To save the Data Collector Set without starting collection, select Save and close.

To configure alert actions

  1. Expand Reliability and Performance in the navigation pane.
  2. Expand Data Collector Sets, expand User Defined, and click the name of the Data Collector Set with performance counter alerts.
  3. In the console pane, right-click the name of a Data Collector whose type is Alert and click Properties.
  4. On the Data Collector Properties page, click the Alerts tab. The data collectors and alerts already configured should appear.
  5. Click the Alert Action tab to choose to write an entry to the event log Applications and Services Logs/Microsoft/Windows/Diagnosis-PLA/Operational when the alert criteria are met. You can also start a Data Collector Set when the alert criteria are met; Don’t do this.
  6. Click the Alert Task tab to choose a Windows Management Interface (WMI) task and arguments to run when the alert criteria are met. Don’t do this.

This will give you  an alert that writes a 2031 event to the log named in step 15, above.

Part 2. Creating the batch file

First, set the PowerShell environment. Open the Exchange Shell and run the following:

Set-ExecutionPolicy RemoteSigned

Then download and extract the ExPerfWiz powershell script from the Microsoft website:


Make sure to download the latest version – 1.3.7 or higher.

Then Create a batch file to run the experfwiz script:

  1. Open notepad
  2. Copy the text below into the open document, and save it as C:\perfwiz\experfwiz.bat, or something equally usable. Try and avoid spaces or non standard characters in your path.

PowerShell.exe -command “. ‘c:\Program Files\Microsoft\Exchange Server\V14\bin\RemoteExchange.ps1’; Connect-ExchangeServer -auto; c:\experfwiz\experfwiz.ps1 -duration 00:15:00 -interval 1 -quiet”

  1. You will need to check:

Location of Exchange binaries for the RemoteExchange.ps1 script.

Location of ExPerfWiz script

Version of ExPerfWiz script – only 1.3.7 and later support the –quiet switch.

Change duration and interval to something suitable. In the example above the duration is 15 minutes, and the interval is two seconds.

Part 3. Scheduling the batch file

The batch file will be run by setting up a scheduled task that will run every time an event id is logged. The Event ID that you will use to trigger the Log:

Log: Microsoft-windows-diagnosis-PLA/operational

Source: Diagnosis-PLA

Event id:  2031

Now to create a Scheduled Task.

  1. If Task Scheduler is not open, start Task Scheduler. For more information, see Start Task Scheduler.
  2. Find and click the task folder in the console tree that you want to create the task in. If you want to create the task in a new task folder, see Create a New Task Folder to create the folder.
  3. In the Actions Pane, click Create Task.
  4. On the General tab of the Create Task dialog box, enter a name for the task. Make sure it is running under an admin account, and that it is set to run only when the user is logged on. You will need to remain logged on to the server for the duration.
  5. On the Triggers tab of the Create Task dialog box, click the New… button to create a trigger for the task, and supply information about the trigger in the New Trigger dialog box. Select On an Event to start the task.Fill in the details for the event as shown in the picture below.
  6. On the Actions tab of the Create Task dialog box, click the New… button to create an action for the task, and supply information about the action in the New Action dialog box. Select Start a Program, and browse to the batch file you created in part 2, above. Once this action is saved you can, if you choose, set it to also send you an email when the condition occurs.
  7. Click the OK button on the Create Task dialog box.

Part 4. Final checks, and what to do next.

  • Make sure that the data collector set is running.
  • Make sure that the batch file will work by starting it manually. Check the c:\perflogs folder for the generated log file.
  • Make sure that the process works – do this by setting the data collector set to alert on a commonly met condition, such as cpu utilization = 20%. Check that:
    • The event is logged in the Applications and Services Logs/Microsoft/Windows/Diagnosis-PLA/Operational event log.
    • The scheduled task is triggered by selecting the task, and checking the “history” tab in the lower window of the scheduler console.
    • The perfmon log is generated and saved to the C:\perflogs directory.

When the condition is met, the task triggered, the batch file ran and the log generated, why not use PAL to analyze it. I would.

The batch file doesn’t have to point to ExPerfWiz, of course. It could quite easily point to a batch file that triggers logman, or you could avoid using a batch file altogether and set perfmon up to trigger a data collector set instead of an event. For more details on using logman with a batchfile see our nutshell “Scripting Perfmon for Win XP through to Win 2008”

Thanks to Mike Lagase for the excellent ExPerfWiz script, and Amit Tank at exchangeshare.wordpress.com for his article on scheduling Exchange tasks. And obviously thanks to technet, where I’ve ripped great chunks of this from.



if you want the script to mail you a little email to say it’s done, or similar, then you’ll want to read Morgen Simonsen’s blog, here:



you may also find it useful to have a mail method that avoids CDOSYS altogether: