Thursday, May 18, 2017

WSUS Clients not Reporting or downloading updates

I had a large customer where all clients stopped downloading updates in November 2016.  Even after building a new WSUS server, clients would not update.

Clients were reporting the following error:

Code: 80244008 Windows Update encountered an unknown error.


The newly built WSUS server had all clients coming up in the "All Computers" list however no clients were reporting.

To resolve the issue, we had to delete the "C:\Windows\SoftwareDistribution" folder on each workstation.  This can be done with the following batch script:

net stop wuauserv
rd /s /q %windir%\SoftwareDistribution
net start wuauserv
wuauclt /detectnow /reportnow


After running this, the client then reports into WSUS and begins downloading updates.


 
Now this client has approximately 1000 computers on their network.  We do not want to go around to every workstation to run the batch script and delete the SoftwareDistribution folder.
 
You can use psexec from Sysinternals to do this across all computers in one batch script.  Save the batch script above to \\domain\netlogon as resetsoftwaredistribution.bat, then run the following batch script from the computer where psexec is installed:
 
@ECHO OFF
For /f %%i in (c:\computers.txt) do (
Echo ************************
Echo %%i
Echo ************************
psexec \\%%i -h -u domain\username -p password "\\domain\netlogon\resetsoftwaredistribution.bat"
)
pause
 
You will need to get a list of all computers from WSUS that are not reporting.  As you cannot export lists from the WSUS Management Console, you will need to install SQL Management Studio and connect to the Windows Internal Database (WID) hosting WSUS - or an external database in the event you're not using WID!
 
 
Use the following TSQL query to get the first 1000 rows from the tbComputerTarget table in the SUSDB database.
 
SELECT TOP (1000) [TargetID]
,[ComputerID]
,[SID]
,[LastSyncTime]
,[LastReportedStatusTime]
,[LastReportedRebootTime]
,[IPAddress]
,[FullDomainName]
,[IsRegistered]
,[LastInventoryTime]
,[LastNameChangeTime]
,[EffectiveLastDetectionTime]
,[ParentServerTargetID]
,[LastSyncResult]
FROM [SUSDB].[dbo].[tbComputerTarget]
 
All the computers that have never reported or synced will have a status of NULL.
 
Use the FullDomainName column to copy and paste the hostnames of the computers into the c:\computers.txt text file on your PSEXEC computer.
 
 
 Running the script against all the remote workstations will fix your issue!
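The psexec loop above keeps the account password in clear text inside the batch file. As an added example (not part of the original post), the same reset can be pushed with PowerShell remoting, which prompts for the credential at run time. It assumes WinRM is enabled on the workstations and that c:\computers.txt holds one hostname per line; the function name Reset-SoftwareDistribution is hypothetical.

```powershell
# Added example, not from the original post.
# Assumes PowerShell remoting (WinRM) is enabled on the target workstations.
function Reset-SoftwareDistribution {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory)] [string[]]     $ComputerName,
        [Parameter(Mandatory)] [pscredential] $Credential,
        [int] $ThrottleLimit = 32
    )

    # Same four steps as the batch script, run on each remote machine.
    $reset = {
        $path = Join-Path $env:windir 'SoftwareDistribution'
        try {
            Stop-Service -Name wuauserv -Force -ErrorAction Stop
            if (Test-Path -LiteralPath $path) {
                Remove-Item -LiteralPath $path -Recurse -Force -ErrorAction Stop
            }
            $status = 'Reset'
        }
        catch {
            $status = "Failed: $($_.Exception.Message)"
        }
        finally {
            # Always bring the Windows Update service back up.
            Start-Service -Name wuauserv
        }
        if ($status -eq 'Reset') {
            & "$env:windir\System32\wuauclt.exe" /detectnow /reportnow
        }
        [pscustomobject]@{ Status = $status }
    }

    $results = @(Invoke-Command -ComputerName $ComputerName -Credential $Credential `
        -ScriptBlock $reset -ThrottleLimit $ThrottleLimit -ErrorAction SilentlyContinue)

    # Invoke-Command tags every returned object with PSComputerName.
    $results | Select-Object @{ n = 'Computer'; e = { $_.PSComputerName } }, Status

    # Anything that returned nothing was unreachable or refused the connection.
    $answered = @($results | ForEach-Object { $_.PSComputerName })
    foreach ($name in $ComputerName) {
        if ($answered -notcontains $name) {
            [pscustomobject]@{ Computer = $name; Status = 'No response' }
        }
    }
}

# Usage (prompts for the password instead of storing it):
# $computers = Get-Content C:\computers.txt | Where-Object { $_.Trim() }
# Reset-SoftwareDistribution -ComputerName $computers -Credential (Get-Credential) |
#     Export-Csv C:\wsus-reset-results.csv -NoTypeInformation
```

The result list shows which machines still need a visit, so the SQL query only has to be re-run once to confirm they have started reporting.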

Friday, April 21, 2017

WSUS Console Freezes when the Server Cleanup Wizard

A common administration task when maintaining a WSUS server is cleaning up old legacy updates that are no longer required by running the Server Cleanup Wizard.


If you have a large amount of updates which need cleaning, the Server Cleanup Wizard often freezes making it impossible to clean old updates from the WSUS Database.

If this happens, install SQL Management Studio onto the server and connect to the Windows Internal Database used by WSUS.

Run the following query to clean up old updates (this can take hours to run):


-- Run against the WSUS database
USE SUSDB
GO

-- List the obsolete updates that will be removed
EXEC spGetObsoleteUpdatesToCleanup

DECLARE @var1 INT
DECLARE @msg nvarchar(100)

-- Capture the list of obsolete update IDs
CREATE TABLE #results (Col1 INT)
INSERT INTO #results(Col1) EXEC spGetObsoleteUpdatesToCleanup

DECLARE WC CURSOR
FOR
SELECT Col1 FROM #results

OPEN WC
FETCH NEXT FROM WC INTO @var1
WHILE (@@FETCH_STATUS > -1)
BEGIN
    -- Print progress immediately, then delete one update at a time
    SET @msg = 'Deleting ' + CONVERT(varchar(10), @var1)
    RAISERROR(@msg,0,1) WITH NOWAIT
    EXEC spDeleteUpdate @localUpdateID=@var1
    FETCH NEXT FROM WC INTO @var1
END
CLOSE WC
DEALLOCATE WC
DROP TABLE #results


After a few hours the query should finish.  Once finished, you will need to run a "wsusutil reset" from an elevated command prompt.

"wsusutil reset" will also take a few hours to complete as it needs to scan every update on disk against the database and delete any that no longer exist in the database.

Hope this post has been helpful.

Friday, March 31, 2017

Unable to remove Mailbox Database or Uninstall Exchange

I had an issue removing Exchange 2010 today at a customer site.  A very generic issue occurred when attempting to perform the uninstall where the following error was generated.

Error:
Uninstall cannot continue. Database 'DEVEXCH170-01-CEO and Councillors': This mailbox database contains one or more mailboxes, mailbox plans, archive mailboxes, or arbitration mailboxes. To get a list of all mailboxes in this database, run the command Get-Mailbox -Database . To get a list of all mailbox plans in this database, run the command Get-MailboxPlan. To get a list of archive mailboxes in this database, run the command Get-Mailbox -Database -Archive. To get a list of all arbitration mailboxes in this database, run the command Get-Mailbox -Database -Arbitration. To disable a non-arbitration mailbox so that you can delete the mailbox database, run the command Disable-Mailbox . To disable an archive mailbox so you can delete the mailbox database, run the command Disable-Mailbox -Archive. Arbitration mailboxes should be moved to another server; to do this, run the command New-MoveRequest . If this is the last server in the organization, run the command Disable-Mailbox -Arbitration -DisableLastArbitrationMailboxAllowed to disable the arbitration mailbox. Mailbox plans should be moved to another server; to do this, run the command Set-MailboxPlan -Database .


This error is normal when you have a database that has a mailbox, archive mailbox or arbitration mailbox.  It can also happen if it is associated with a Mailbox Plan (in a multi tenant environment).

In my case, there was no mailbox in the database!


Also the verbose command is meant to show you which mailbox resides in the database in the event one is present as per Exchange MVP Tony Redmond's post here:

http://windowsitpro.com/blog/exchanges-most-annoying-and-confusing-error-message

In this environment, the mailbox causing the issue was not displayed in the verbose output!


After much troubleshooting I decided to export the entire domain partition to a text file and search for the database name.

This was done with the following command:

dsquery * domainroot -attr * -limit 0


After searching the text file for the database name in question I saw that a legacy user IORepl (which was used by the Inter-Org Replication Tool for a previous cross-forest migration) is associated with the database.


 You can do two things here:
  • Clear the HomeMDB attribute
  • Delete the object.
As this account is no longer required, I simply deleted the object.

This fixed the problem.  No idea why it didn't return the mailbox object in PowerShell!

Sunday, March 12, 2017

Error 0x800f0922 attempting to reprovision DHCP Server

We needed to re-provision a DHCP server running Windows Server 2012 R2 which was recently demoted and the role removed.  When attempting to re-add the role the following error was experienced:

The request to add or remove features on the specified server failed.  Installation of one or more roles, role services, or features failed.  Error: 0x800f0922


After much misleading information on the Internet, to resolve this error we simply needed to remove the "dhcp" folder from C:\Windows\System32\

For fast effective IT Support in Perth, contact Avantgarde Technologies.

Wednesday, February 22, 2017

Pop and Crackling in Ableton 9.7.1 with Serum

 I was having many issues with crackling on Ableton 9.7.1 running the Serum VST even though my CPU usage was only 20-30%.  After extensive research I disabled the Intel SpeedStep and TurboMode technology which automatically increases the clock speed of the processor under heavy load.  Ableton was not able to detect the clock speed change of the processor and as the processor clock speed changed based on load, it interfered with my audio playback.

To fix this you need to enter your computer's BIOS outside of Windows.

Here is a snapshot of my workstation where I disabled SpeedStep and TurboMode Tech.

 

Thursday, February 16, 2017

Kerberos Error Connecting to Exchange 2010

Using an old user account at a customer site, I had the following error when attempting to connect to Exchange Management Console (EMC).

The following error occurred while attempting to connect to the specified Exchange server 'server.domain.local:

The attempt to connect to http://server.domain.local/powershell using 'Kerberos' authentication failed: Connecting to the remote server failed with the following error message : WinRM cannot process the request. The following error occurred while using Kerberos  authentication: The network path was not found.


To resolve this issue, delete the NodeStructureSettings registry key from

HKEY_CURRENT_USER\Software\Microsoft\ExchangeServer\v14\AdminTools



Wednesday, February 8, 2017

Disabling Modern App Bloatware on Windows 10 Image

Windows 10 comes with much unwanted bloatware in the form of "ModernApps".  These apps include:
  • Netflix
  • Pandora
  • Skype Preview
  • Paid WiFi & Mobile
  • Xbox
  • Get Office
  • Microsoft Solitaire Collection
  • Groove Music
  • Adobe Photoshop Express
  • 3D Builder
Many more unwanted apps... some regions even get Minecraft!

What is very annoying is Microsoft believes these applications are required "by default" even in Windows 10 Enterprise Edition which is targeted at corporations.

If a user removes these applications, they automatically reinstall by default making it more frustrating.

So - you want to build your corporate image and remove all Windows 10 Bloatware and modern applications which Microsoft deem necessary for all users?  Here is what we needed to do on our Windows 10 Enterprise Anniversary Update 1607.

First of all don't join your Windows 10 image to the domain.  If you join the Windows 10 Enterprise 1607 image to an Active Directory domain (even if you isolate the computer so it does not receive policy), sysprep fails with the following.

Sysprep was not able to validate your Windows installation.

 
In the setupact.log on the server the following error is generated from domain joining.  I believe this is a bug and I will be raising it with MS.
 
2017-02-07 16:45:40, Error     SYSPRP Failed to remove apps for the current user: 0x80073cf2.
2017-02-07 16:45:40, Error     SYSPRP Exit code of RemoveAllApps thread was 0x3cf2.
2017-02-07 16:45:40, Error[0x0f0082] SYSPRP ActionPlatform::LaunchModule: Failure occurred while executing 'SysprepGeneralizeValidate' from C:\Windows\System32\AppxSysprep.dll; dwRet = 0x3cf2
2017-02-07 16:45:40, Error     SYSPRP SysprepSession::Validate: Error in validating actions from C:\Windows\System32\Sysprep\ActionFiles\Generalize.xml; dwRet = 0x3cf2
2017-02-07 16:45:40, Error     SYSPRP RunPlatformActions:Failed while validating SysprepSession actions; dwRet = 0x3cf2
2017-02-07 16:45:40, Error[0x0f0070] SYSPRP RunExternalDlls:An error occurred while running registry sysprep DLLs, halting sysprep execution. dwRet = 0x3cf2
2017-02-07 16:45:40, Error[0x0f00d8] SYSPRP WinMain:Hit failure while pre-validate sysprep generalize internal providers; hr = 0x80073cf2
2017-02-07 16:46:54, Info [0x0f0052] SYSPRP Shutting down SysPrep log
2017-02-07 16:46:54, Info [0x0f004d] SYSPRP The time is now 2017-02-07 16:46:54

Make all changes to the image in "WORKGROUP" mode to ensure it never touches the Active Directory domain so sysprep will run.
 
Stop Bloatware from Re-downloading from MS Cloud
 
Next we want to stop Windows 10 from automatically "redownloading" bloatware apps after we remove them.
 
Method 1
 
Add 32-bit DWORD value named DisableWindowsConsumerFeatures
 
to:
 
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\CloudContent 
 
Note: You will want to create the CloudContent Key.
 
Method 2
 
Method 2 involves deploying the regkey via your AD domain/local policy.  During image creation, as your machine is in a workgroup, it won't be able to get this policy from the domain.
 
Computer Configuration –> Administrative Templates –> Windows Components –> Cloud Content
 
“Turn off Microsoft consumer experiences”
 
Note: I recommend deploying Method 1 on the image itself immediately after it is built, as the image will start downloading bloatware while you're configuring your base SOE.
 
Remove the Default Bloatware
 
Next you will want to remove all default Windows 10 Bloatware "Modern Apps".  To remove this from your image from an elevated PowerShell command prompt run:
 
Get-ProvisionedAppxPackage -Online | Remove-ProvisionedAppxPackage -Online
 
If you want to review the list of bloatware before running the above command, run this:
 
Get-AppXProvisionedPackage -Online | Select PackageName

After you remove the bloatware, make sure you run the following command from the user account you want to sysprep from, or sysprep will fail once again as per https://support.microsoft.com/kb/2769827
 
Get-AppxPackage | Remove-AppxPackage
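
The steps above (Method 1, then the provisioned and per-user removals) combined into one function, as an added example that is not part of the original post. It reports by default and only changes the image with -Apply. The function name, the -Apply switch and the keep list are hypothetical, and the value data 1 (not stated above) is what turns the DisableWindowsConsumerFeatures policy on.

```powershell
# Added example, not from the original post. Run from an elevated PowerShell
# prompt on the workgroup image, logged on as the account you will sysprep from.
function Remove-ImageBloatware {
    [CmdletBinding()]
    param(
        # Illustrative keep list, matched on DisplayName / Name.
        [string[]] $Keep = @('Microsoft.WindowsCalculator'),
        # Without -Apply the function only reports what it would remove.
        [switch] $Apply
    )

    if ($Apply) {
        # Method 1: create the CloudContent key and set the policy value first,
        # so nothing is re-downloaded while the removal runs.
        $key = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\CloudContent'
        if (-not (Test-Path -Path $key)) { New-Item -Path $key -Force | Out-Null }
        New-ItemProperty -Path $key -Name 'DisableWindowsConsumerFeatures' `
            -PropertyType DWord -Value 1 -Force | Out-Null
    }

    $action = if ($Apply) { 'Removed' } else { 'WouldRemove' }

    # Provisioned packages are what every new user profile receives.
    foreach ($p in (Get-AppxProvisionedPackage -Online)) {
        if ($Keep -contains $p.DisplayName) { continue }
        if ($Apply) {
            Remove-AppxProvisionedPackage -Online -PackageName $p.PackageName | Out-Null
        }
        [pscustomobject]@{ Scope = 'Provisioned'; Name = $p.DisplayName; Action = $action }
    }

    # Packages already installed for the current user; leftovers here are
    # what makes sysprep fail with 0x80073cf2.
    foreach ($a in (Get-AppxPackage)) {
        if ($Keep -contains $a.Name) { continue }
        $result = $action
        if ($Apply) {
            try   { Remove-AppxPackage -Package $a.PackageFullName -ErrorAction Stop }
            catch { $result = "Failed: $($_.Exception.Message)" }
        }
        [pscustomobject]@{ Scope = 'CurrentUser'; Name = $a.Name; Action = $result }
    }
}

# Review first, then apply:
# Remove-ImageBloatware | Format-Table -AutoSize
# Remove-ImageBloatware -Apply | Format-Table -AutoSize
```

Built-in system apps cannot be removed per user, so they show up with a Failed action; the same errors appear when running Get-AppxPackage | Remove-AppxPackage directly.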

Classic Shell
 
In this image I installed the Classic Shell app to give all users the standard Windows 7 start menu and remove the modern app interface altogether.  This was downloaded from:
 
 
We only installed Classic Start Menu, not Classic Explorer, Classic IE or any of the other options from this download.
 
Default Profile
 
Items such as Edge cannot be removed from Windows 10 just like IE cannot be removed from Windows 7. We created a new Default Profile and removed the Edge icon from the task bar, configured the taskbar classic shell and setup default wallpaper etc.
 
Other Important Policies We Applied

Other important policies we deployed to the Active Directory Domain Group Policy for Windows 10 machines include:
 
Disabling the Windows Store:
 
Computer Configuration, Administrative Templates,  Windows Components, and then click Store.
In the Setting pane, click Turn off Store application
 
Disable OneDrive
 
Computer Configuration > Administrative Templates > Windows Components > OneDrive
 
Prevent the usage of OneDrive for file storage
 
Disable Cortana
 
Computer Configuration > Administrative Templates > Windows Components > Search
 
"Allow Cortana" --> Set to disabled.
 
Default Apps
 
Configure Windows 10 to use Windows Media Player and Internet Explorer as default apps (or alternative) and export the default App config with:
 
dism /online /export-defaultappassociations:\\localhost\c$\AppAssoc.xml
 
Deploy the xml file with Group Policy from a file share:
 
Administrative Templates\Windows Components\File Explorer\Set a default associations configuration file
 
Tip for Creating the Image
 
We wanted to create a driver independent image as we are deploying with SCCM and we need to layer the drivers based on the various client hardware.  As a result, we do not want any drivers incorporated in the image.
 
I built the image on VMware using the E1000 NIC (as it's natively supported by Windows 10) and did not install VMware Tools during the build process to keep the image clean.
 
I also had numerous issues with sysprep failing due to numerous changes (many which I did not document here).  As a result, I recommend snapshotting your progress numerous times throughout the SOE build and attempting to run sysprep numerous times during your build process to ensure when you get to the end it will not fail!

Hope this information is helpful to anyone wanting to upgrade to Windows 10 as part of a corporate SOE.

Disable RC4 on Windows Servers

The RC4 cipher, which is affected by a 13-year-old weakness, is enabled by default on Server 2012 R2.  If you have an IIS server using a digital certificate facing the Internet, it's recommended to disable the RC4 cipher.

There are numerous security concerns documented on the Internet about this vulnerability including:

https://threatpost.com/attack-exploits-weakness-rc4-cipher-decrypt-user-sessions-031413/77628/

http://www.securityweek.com/new-attack-rc4-based-ssltls-leverages-13-year-old-vulnerability

To disable this vulnerability, add the following to the registry on your Server 2012 R2 operating system:

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Ciphers]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Ciphers\RC4 128/128]
"Enabled"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Ciphers\RC4 40/128]
"Enabled"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Ciphers\RC4 56/128]
"Enabled"=dword:00000000


This was put in place on a customer's RDS Gateway and Web Access server after conducting a penetration test and finding RC4 enabled by default.
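
To check a server before and after importing the .reg file, the following added example (not part of the original post) reads the three RC4 keys and can also write them. The key names contain a forward slash, which the PowerShell registry provider treats as a path separator, so the .NET registry API is used instead. The function names Get-Rc4State and Disable-Rc4 are hypothetical.

```powershell
# Added example, not from the original post. Run elevated on the server.
$CiphersPath = 'SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Ciphers'
$Rc4Keys     = 'RC4 128/128', 'RC4 40/128', 'RC4 56/128'

function Get-Rc4State {
    # Read-only audit: a missing key or value means the OS default applies.
    $root = [Microsoft.Win32.Registry]::LocalMachine.OpenSubKey($CiphersPath)
    try {
        foreach ($name in $Rc4Keys) {
            $sub     = if ($root) { $root.OpenSubKey($name) } else { $null }
            $enabled = if ($sub)  { $sub.GetValue('Enabled') } else { $null }
            [pscustomobject]@{
                Cipher     = $name
                KeyPresent = [bool]$sub
                Enabled    = $enabled
                Disabled   = ($null -ne $enabled -and $enabled -eq 0)
            }
            if ($sub) { $sub.Close() }
        }
    }
    finally {
        if ($root) { $root.Close() }
    }
}

function Disable-Rc4 {
    # Writes the same values as the .reg file above.
    # New-Item 'HKLM:\...\Ciphers\RC4 128/128' would create a key named
    # 'RC4 128' with a child '128'; CreateSubKey keeps the slash in the name.
    $root = [Microsoft.Win32.Registry]::LocalMachine.CreateSubKey($CiphersPath)
    try {
        foreach ($name in $Rc4Keys) {
            $sub = $root.CreateSubKey($name)
            $sub.SetValue('Enabled', 0, [Microsoft.Win32.RegistryValueKind]::DWord)
            $sub.Close()
        }
    }
    finally {
        $root.Close()
    }
}

# Audit, fix, audit again:
# Get-Rc4State | Format-Table -AutoSize
# Disable-Rc4
# Get-Rc4State | Format-Table -AutoSize
```

A server is only covered when all three rows show Disabled = True; a row with KeyPresent = False means the key was never created and RC4 is still offered.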

Thursday, January 26, 2017

Displaying full values of Attributes in PowerShell

In Windows PowerShell, when you are running queries, PowerShell will often only show a limited value for objects which contain large attributes.  The attribute output is cut off with a "..." at the end of the attribute.


To configure PowerShell to display the full output of a cmdlet, enter the following into the shell window:

$FormatEnumerationLimit=-1

The shell will now push the full output onto the screen for long attributes.


Hope this post was helpful.


Thursday, January 19, 2017

MSExchange ActiveSync Event ID 1016

Customer with a single Exchange 2010 completely down.  The following error was spammed throughout the event log:

Log Name:      Application
Source:        MSExchange ActiveSync
Date:          18/01/2017 7:31:46 PM
Event ID:      1016
Task Category: Server
Level:         Error
Keywords:      Classic
User:          N/A
Computer:      EXCHANGE2010
Description:
Exchange ActiveSync has encountered repeated failures when it tries to access data on Mailbox server [EXCHANGE2010.domain.local]. It will temporarily stop making requests to the Mailbox server for [60] seconds to reduce load on that server. This delay may occur if the Mailbox server is overloaded. If this event is logged frequently, review the Application log on this server and the Mailbox server noted above for other events that could indicate the root cause of performance problems.
Additional information:
"serverFQDN=EXCHANGE2010.domain.local
Error 0:

ErrorTimeStamp:
18/01/2017 7:31:45 PM
Exception:
--- Exception start ---
Exception type: Microsoft.Exchange.Data.Storage.ConnectionFailedTransientException
Exception message: Cannot open mailbox /o=EXCHANGE/ou=Exchange Administrative Group (FYDIBOHF23SPDLT)/cn=Recipients/cn=User.
Exception level: 0
Exception stack trace:    at Microsoft.Exchange.Data.Storage.MailboxSession.ForceOpen(MapiStore linkedStore)
   at Microsoft.Exchange.Data.Storage.MailboxSession.Initialize(MapiStore linkedStore, LogonType logonType, ExchangePrincipal owner, DelegateLogonUser delegateUser, Object identity, OpenMailboxSessionFlags flags, GenericIdentity auxiliaryIdentity)
   at Microsoft.Exchange.Data.Storage.MailboxSession.<>c__DisplayClass12.b__10(MailboxSession mailboxSession)
   at Microsoft.Exchange.Data.Storage.MailboxSession.InternalCreateMailboxSession(LogonType logonType, ExchangePrincipal owner, CultureInfo cultureInfo, String clientInfoString, IAccountingObject budget, Action`1 initializeMailboxSession, InitializeMailboxSessionFailure initializeMailboxSessionFailure)
   at Microsoft.Exchange.Data.Storage.MailboxSession.CreateMailboxSession(LogonType logonType, ExchangePrincipal owner, DelegateLogonUser delegateUser, Object identity, OpenMailboxSessionFlags flags, CultureInfo cultureInfo, String clientInfoString, PropertyDefinition[] mailboxProperties, IList`1 foldersToInit, GenericIdentity auxiliaryIdentity, IAccountingObject budget)
   at Microsoft.Exchange.Data.Storage.MailboxSession.ConfigurableOpen(ExchangePrincipal mailbox, MailboxAccessInfo accessInfo, CultureInfo cultureInfo, String clientInfoString, LogonType logonType, PropertyDefinition[] mailboxProperties, InitializationFlags initFlags, IList`1 foldersToInit, IAccountingObject budget)
   at Microsoft.Exchange.Data.Storage.MailboxSession.Open(ExchangePrincipal mailboxOwner, WindowsPrincipal authenticatedUser, CultureInfo cultureInfo, String clientInfoString, Boolean wantCachedConnection)
   at Microsoft.Exchange.Data.Storage.MailboxSession.Open(ExchangePrincipal mailboxOwner, WindowsPrincipal authenticatedUser, CultureInfo cultureInfo, String clientInfoString)
   at Microsoft.Exchange.AirSync.Command.OpenMailboxSession(AirSyncUser user, Boolean shouldUseBudget)
   at Microsoft.Exchange.AirSync.Command.WorkerThread()
Inner exception follows...
Exception type: Microsoft.Mapi.MapiExceptionNetworkError
Exception message: MapiExceptionNetworkError: Unable to make connection to the server. (hr=0x80040115, ec=-2147221227)
Diagnostic context:
    ......
    Lid: 13720   dwParam: 0x6D9      Msg: EEInfo: Flags: 0
    Lid: 11672   dwParam: 0x6D9      Msg: EEInfo: NumberOfParameters: 4
    Lid: 8856    dwParam: 0x6D9      Msg: EEInfo: prm[0]: Unicode string: ncacn_ip_tcp
    Lid: 8856    dwParam: 0x6D9      Msg: EEInfo: prm[1]: Unicode string: EXCHANGE2010.domain.local
    Lid: 12952   dwParam: 0x6D9      Msg: EEInfo: prm[2]: Long val: -545057711
    Lid: 12952   dwParam: 0x6D9      Msg: EEInfo: prm[3]: Long val: 382312662
    Lid: 45169   StoreEc: 0x824    
    Lid: 44273 
    Lid: 59431   EMSMDB.EcDoConnectEx called [length=140]
    Lid: 34855   EMSMDB.EcDoConnectEx returned [ec=0x824][length=56][latency=0]
    Lid: 59505   StoreEc: 0x824    
    Lid: 25964   StoreEc: 0x824    
    Lid: 36081 
    Lid: 52465   StoreEc: 0x80040115
    Lid: 60065 
    Lid: 33777   StoreEc: 0x80040115
    Lid: 59805 
    Lid: 52209   StoreEc: 0x80040115
    Lid: 56583 
    Lid: 52487   StoreEc: 0x80040115
    Lid: 19778 
    Lid: 27970   StoreEc: 0x80040115
    Lid: 17730 
    Lid: 25922   StoreEc: 0x80040115
Exception level: 1
Exception stack trace:    at Microsoft.Mapi.MapiExceptionHelper.ThrowIfError(String message, Int32 hresult, SafeExInterfaceHandle iUnknown, Exception innerException)
   at Microsoft.Mapi.ExRpcConnection.Create(ConnectionCache connectionCache, ExRpcConnectionCreateFlag createFlags, ConnectFlag connectFlags, String serverDn, String userDn, String user, String domain, String password, String httpProxyServerName, Int32 ulConMod, Int32 lcidString, Int32 lcidSort, Int32 cpid, Int32 cReconnectIntervalInMins, Int32 cbRpcBufferSize, Int32 cbAuxBufferSize, Client xropClient, Byte[] clientSessionInfo, TimeSpan connectionTimeout)
   at Microsoft.Mapi.MapiStore.OpenMapiStore(String serverDn, String userDn, String mailboxDn, Guid guidMailbox, Guid guidMdb, String userName, String domainName, String password, String httpProxyServerName, ConnectFlag connectFlags, OpenStoreFlag storeFlags, CultureInfo cultureInfo, Boolean wantRedirect, String& correctServerDN, ClientIdentityInfo clientIdentity, String applicationId, Client xropClient, Boolean wantWebServices, Byte[] clientSessionInfo, TimeSpan connectionTimeout)
   at Microsoft.Mapi.MapiStore.OpenMailbox(String serverDn, String userDn, Guid guidMailbox, Guid guidMdb, String userName, String domainName, String password, ConnectFlag connectFlags, OpenStoreFlag storeFlags, CultureInfo cultureInfo, WindowsIdentity windowsIdentity, String applicationId)
   at Microsoft.Exchange.Data.Storage.MailboxSession.ForceOpen(MapiStore linkedStore)
--- Exception end ---
Error 1:

ErrorTimeStamp:
18/01/2017 7:31:45 PM
Exception:
--- Exception start ---
Exception type: Microsoft.Exchange.Data.Storage.ConnectionFailedTransientException
Exception message: Cannot open mailbox /o=exchange/ou=Exchange Administrative Group (FYDIBOHF23SPDLT)/cn=Recipients/cn=sfso.
Exception level: 0
Exception stack trace:    at Microsoft.Exchange.Data.Storage.MailboxSession.ForceOpen(MapiStore linkedStore)
   at Microsoft.Exchange.Data.Storage.MailboxSession.Initialize(MapiStore linkedStore, LogonType logonType, ExchangePrincipal owner, DelegateLogonUser delegateUser, Object identity, OpenMailboxSessionFlags flags, GenericIdentity auxiliaryIdentity)
   at Microsoft.Exchange.Data.Storage.MailboxSession.<>c__DisplayClass12.b__10(MailboxSession mailboxSession)
   at Microsoft.Exchange.Data.Storage.MailboxSession.InternalCreateMailboxSession(LogonType logonType, ExchangePrincipal owner, CultureInfo cultureInfo, String clientInfoString, IAccountingObject budget, Action`1 initializeMailboxSession, InitializeMailboxSessionFailure initializeMailboxSessionFailure)
   at Microsoft.Exchange.Data.Storage.MailboxSession.CreateMailboxSession(LogonType logonType, ExchangePrincipal owner, DelegateLogonUser delegateUser, Object identity, OpenMailboxSessionFlags flags, CultureInfo cultureInfo, String clientInfoString, PropertyDefinition[] mailboxProperties, IList`1 foldersToInit, GenericIdentity auxiliaryIdentity, IAccountingObject budget)
   at Microsoft.Exchange.Data.Storage.MailboxSession.ConfigurableOpen(ExchangePrincipal mailbox, MailboxAccessInfo accessInfo, CultureInfo cultureInfo, String clientInfoString, LogonType logonType, PropertyDefinition[] mailboxProperties, InitializationFlags initFlags, IList`1 foldersToInit, IAccountingObject budget)
   at Microsoft.Exchange.Data.Storage.MailboxSession.Open(ExchangePrincipal mailboxOwner, WindowsPrincipal authenticatedUser, CultureInfo cultureInfo, String clientInfoString, Boolean wantCachedConnection)
   at Microsoft.Exchange.Data.Storage.MailboxSession.Open(ExchangePrincipal mailboxOwner, WindowsPrincipal authenticatedUser, CultureInfo cultureInfo, String clientInfoString)
   at Microsoft.Exchange.AirSync.Command.OpenMailboxSession(AirSyncUser user, Boolean shouldUseBudget)
   at Microsoft.Exchange.AirSync.Command.WorkerThread()
Inner exception follows...
Exception type: Microsoft.Mapi.MapiExceptionNetworkError
Exception message: MapiExceptionNetworkError: Unable to make connection to the server. (hr=0x80040115, ec=-2147221227)
Diagnostic context:
    ......
    Lid: 13720   dwParam: 0x6D9      Msg: EEInfo: Flags: 0
    Lid: 11672   dwParam: 0x6D9      Msg: EEInfo: NumberOfParameters: 4
    Lid: 8856    dwParam: 0x6D9      Msg: EEInfo: prm[0]: Unicode string: ncacn_ip_tcp
    Lid: 8856    dwParam: 0x6D9      Msg: EEInfo: prm[1]: Unicode string: EXCHANGE2010.domain.local
    Lid: 12952   dwParam: 0x6D9      Msg: EEInfo: prm[2]: Long val: -545057711
    Lid: 12952   dwParam: 0x6D9      Msg: EEInfo: prm[3]: Long val: 382312662
    Lid: 45169   StoreEc: 0x824    
    Lid: 44273 
    Lid: 59431   EMSMDB.EcDoConnectEx called [length=133]
    Lid: 34855   EMSMDB.EcDoConnectEx returned [ec=0x824][length=56][latency=0]
    Lid: 59505   StoreEc: 0x824    
    Lid: 25964   StoreEc: 0x824    
    Lid: 36081 
    Lid: 52465   StoreEc: 0x80040115
    Lid: 60065 
    Lid: 33777   StoreEc: 0x80040115
    Lid: 59805 
    Lid: 52209   StoreEc: 0x80040115
    Lid: 56583 
    Lid: 52487   StoreEc: 0x80040115
    Lid: 19778 
    Lid: 27970   StoreEc: 0x80040115
    Lid: 17730 
    Lid: 25922   StoreEc: 0x80040115
Exception level: 1
Exception stack trace:    at Microsoft.Mapi.MapiExceptionHelper.ThrowIfError(String message, Int32 hresult, SafeExInterfaceHandle iUnknown, Exception innerException)
   at Microsoft.Mapi.ExRpcConnection.Create(ConnectionCache connectionCache, ExRpcConnectionCreateFlag createFlags, ConnectFlag connectFlags, String serverDn, String userDn, String user, String domain, String password, String httpProxyServerName, Int32 ulConMod, Int32 lcidString, Int32 lcidSort, Int32 cpid, Int32 cReconnectIntervalInMins, Int32 cbRpcBufferSize, Int32 cbAuxBufferSize, Client xropClient, Byte[] clientSessionInfo, TimeSpan connectionTimeout)
   at Microsoft.Mapi.MapiStore.OpenMapiStore(String serverDn, String userDn, String mailboxDn, Guid guidMailbox, Guid guidMdb, String userName, String domainName, String password, String httpProxyServerName, ConnectFlag connectFlags, OpenStoreFlag storeFlags, CultureInfo cultureInfo, Boolean wantRedirect, String& correctServerDN, ClientIdentityInfo clientIdentity, String applicationId, Client xropClient, Boolean wantWebServices, Byte[] clientSessionInfo, TimeSpan connectionTimeout)
   at Microsoft.Mapi.MapiStore.OpenMailbox(String serverDn, String userDn, Guid guidMailbox, Guid guidMdb, String userName, String domainName, String password, ConnectFlag connectFlags, OpenStoreFlag storeFlags, CultureInfo cultureInfo, WindowsIdentity windowsIdentity, String applicationId)
   at Microsoft.Exchange.Data.Storage.MailboxSession.ForceOpen(MapiStore linkedStore)
--- Exception end ---
Error 2:

ErrorTimeStamp:
18/01/2017 7:31:45 PM
Exception:
--- Exception start ---
Exception type: Microsoft.Exchange.Data.Storage.ConnectionFailedTransientException
Exception message: Cannot open mailbox /o=exchange/ou=Exchange Administrative Group (FYDIBOHF23SPDLT)/cn=Recipients/cn=sfso.
Exception level: 0
Exception stack trace:    at Microsoft.Exchange.Data.Storage.MailboxSession.ForceOpen(MapiStore linkedStore)
   at Microsoft.Exchange.Data.Storage.MailboxSession.Initialize(MapiStore linkedStore, LogonType logonType, ExchangePrincipal owner, DelegateLogonUser delegateUser, Object identity, OpenMailboxSessionFlags flags, GenericIdentity auxiliaryIdentity)
   at Microsoft.Exchange.Data.Storage.MailboxSession.<>c__DisplayClass12.b__10(MailboxSession mailboxSession)
   at Microsoft.Exchange.Data.Storage.MailboxSession.InternalCreateMailboxSession(LogonType logonType, ExchangePrincipal owner, CultureInfo cultureInfo, String clientInfoString, IAccountingObject budget, Action`1 initializeMailboxSession, InitializeMailboxSessionFailure initializeMailboxSessionFailure)
   at Microsoft.Exchange.Data.Storage.MailboxSession.CreateMailboxSession(LogonType logonType, ExchangePrincipal owner, DelegateLogonUser delegateUser, Object identity, OpenMailboxSessionFlags flags, CultureInfo cultureInfo, String clientInfoString, PropertyDefinition[] mailboxProperties, IList`1 foldersToInit, GenericIdentity auxiliaryIdentity, IAccountingObject budget)
   at Microsoft.Exchange.Data.Storage.MailboxSession.ConfigurableOpen(ExchangePrincipal mailbox, MailboxAccessInfo accessInfo, CultureInfo cultureInfo, String clientInfoString, LogonType logonType, PropertyDefinition[] mailboxProperties, InitializationFlags initFlags, IList`1 foldersToInit, IAccountingObject budget)
   at Microsoft.Exchange.Data.Storage.MailboxSession.Open(ExchangePrincipal mailboxOwner, WindowsPrincipal authenticatedUser, CultureInfo cultureInfo, String clientInfoString, Boolean wantCachedConnection)
   at Microsoft.Exchange.Data.Storage.MailboxSession.Open(ExchangePrincipal mailboxOwner, WindowsPrincipal authenticatedUser, CultureInfo cultureInfo, String clientInfoString)
   at Microsoft.Exchange.AirSync.Command.OpenMailboxSession(AirSyncUser user, Boolean shouldUseBudget)
   at Microsoft.Exchange.AirSync.Command.WorkerThread()
Inner exception follows...
Exception type: Microsoft.Mapi.MapiExceptionNetworkError
Exception message: MapiExceptionNetworkError: Unable to make connection to the server. (hr=0x80040115, ec=-2147221227)
Diagnostic context:
    ......
    Lid: 13720   dwParam: 0x6D9      Msg: EEInfo: Flags: 0
    Lid: 11672   dwParam: 0x6D9      Msg: EEInfo: NumberOfParameters: 4
    Lid: 8856    dwParam: 0x6D9      Msg: EEInfo: prm[0]: Unicode string: ncacn_ip_tcp
    Lid: 8856    dwParam: 0x6D9      Msg: EEInfo: prm[1]: Unicode string: EXCHANGE2010.domain.local
    Lid: 12952   dwParam: 0x6D9      Msg: EEInfo: prm[2]: Long val: -545057711f
    Lid: 12952   dwParam: 0x6D9      Msg: EEInfo: prm[3]: Long val: 382312662
    Lid: 45169   StoreEc: 0x824    
    Lid: 44273 
    Lid: 59431   EMSMDB.EcDoConnectEx called [length=133]
    Lid: 34855   EMSMDB.EcDoConnectEx returned [ec=0x824][length=56][latency=0]
    Lid: 59505   StoreEc: 0x824    
    Lid: 25964   StoreEc: 0x824    
    Lid: 36081 
    Lid: 52465   StoreEc: 0x80040115
    Lid: 60065 
    Lid: 33777   StoreEc: 0x80040115
    Lid: 59805 
    Lid: 52209   StoreEc: 0x80040115
    Lid: 56583 
    Lid: 52487   StoreEc: 0x80040115
    Lid: 19778 
    Lid: 27970   StoreEc: 0x80040115
    Lid: 17730 
    Lid: 25922   StoreEc: 0x80040115
Exception level: 1
Exception stack trace:    at Microsoft.Mapi.MapiExceptionHelper.ThrowIfError(String message, Int32 hresult, SafeExInterfaceHandle iUnknown, Exception innerException)
   at Microsoft.Mapi.ExRpcConnection.Create(ConnectionCache connectionCache, ExRpcConnectionCreateFlag createFlags, ConnectFlag connectFlags, String serverDn, String userDn, String user, String domain, String password, String httpProxyServerName, Int32 ulConMod, Int32 lcidString, Int32 lcidSort, Int32 cpid, Int32 cReconnectIntervalInMins, Int32 cbRpcBufferSize, Int32 cbAuxBufferSize, Client xropClient, Byte[] clientSessionInfo, TimeSpan connectionTimeout)
   at Microsoft.Mapi.MapiStore.OpenMapiStore(String serverDn, String userDn, String mailboxDn, Guid guidMailbox, Guid guidMdb, String userName, String domainName, String password, String httpProxyServerName, ConnectFlag connectFlags, OpenStoreFlag storeFlags, CultureInfo cultureInfo, Boolean wantRedirect, String& correctServerDN, ClientIdentityInfo clientIdentity, String applicationId, Client xropClient, Boolean wantWebServices, Byte[] clientSessionInfo, TimeSpan connectionTimeout)
   at Microsoft.Mapi.MapiStore.OpenMailbox(String serverDn, String userDn, Guid guidMailbox, Guid guidMdb, String userName, String domainName, String password, ConnectFlag connectFlags, OpenStoreFlag storeFlags, CultureInfo cultureInfo, WindowsIdentity windowsIdentity, String applicationId)
   at Microsoft.Exchange.Data.Storage.MailboxSession.ForceOpen(MapiStore linkedStore)
--- Exception end ---
errorCount=3, backingOff=True".



I know there are a few causes of this error; however, in my instance it was due to the Microsoft Exchange Replication Service not being started.  The service had been misconfigured to run as a service account with invalid credentials.

Setting it back to Local System resolved the issue and got the customer back online.

The ActiveSync service queries "Active Manager", which is part of the Exchange Replication Service, to determine where the user's active mailbox copy in a DAG resides - and it still follows this model even if you're not using DAGs in your environment.  Hence if Active Manager is not available, no one can locate their active mailbox.

Tuesday, January 17, 2017

Out of Office Messages Interval on Exchange Server

I had a customer raise an interesting request.  They wanted to know if it was possible to change the number of Out of Office messages which are sent to external and internal recipients after a user activates OOF.

After checking this matter with fellow MVPs in Exchange Server, this is what was determined.

Exchange Server does not put a delay in place between Out of Office messages.  When OOF is enabled on a mailbox, it creates a list stored on the mailbox containing all recipients which have received the OOF message.

Exchange only sends One (1) OOF message to internal and external recipients.

This list maintained on each mailbox is reset when OOF is disabled on the mailbox and re-enabled.

There is no easy way using native tools provided with Exchange to modify this functionality.  It would be possible however to clear the OOF lists on mailboxes on a schedule through creating an external script.

Hope this information has been useful.

Wednesday, December 14, 2016

Manual Outlook Configuration with Outlook 2016

With the release of Microsoft Outlook 2016, it is now no longer possible to manually add an Exchange account.  Exchange accounts can only be added to Outlook 2016 using Autodiscover.  If Autodiscover records aren't published, your administrator will need to publish them so Outlook can find the account.

In Outlook 2010 and 2013, users were able to manually add Exchange accounts to the Outlook client by selecting "Manual Setup".


Outlook 2016 manual setup now only supports Exchange Active Sync (EAS), a protocol which Outlook does not support with Microsoft Exchange as per https://support.microsoft.com/en-au/kb/2859522

Outlook only supports "RPC", "RPC over HTTPS" and "MAPI over HTTPS" connections to Exchange server.

The Microsoft "Outlook.com" cloud service however does support EAS connections hence why the option is available in Outlook 2016.

If you try and complete a manual configuration for Outlook 2016, you will receive the following error.

"Log onto Exchange ActiveSync mail server (EAS): The server cannot be found"


Make sure you add the Autodiscover record to your public DNS or alternatively modify the hosts file with an Autodiscover record so the Outlook client can resolve the correct Exchange communication settings.
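
To confirm what the Outlook client will actually resolve, the DNS lookups can be checked from a workstation. This is an added example, not part of the original post: the function name is hypothetical, `contoso.com` is a placeholder domain, and the two record names are the conventional Autodiscover host and SRV names.

```powershell
function Test-AutodiscoverDns {
    param([Parameter(Mandatory = $true)][string]$SmtpDomain)

    # Conventional Autodiscover names: the host record and the SRV record.
    $queries = @(
        @{ Name = "autodiscover.$SmtpDomain";       Type = 'A'   },
        @{ Name = "_autodiscover._tcp.$SmtpDomain"; Type = 'SRV' }
    )

    foreach ($q in $queries) {
        # Keep only real answers; an SOA in the Authority section means "no such record".
        # Add -NoHostsFile to ignore local hosts file entries and test DNS alone.
        $records = @(Resolve-DnsName -Name $q.Name -Type $q.Type -DnsOnly -ErrorAction SilentlyContinue |
            Where-Object { $_.Section -eq 'Answer' })

        if ($records.Count -eq 0) {
            [pscustomobject]@{ Query = $q.Name; Type = $q.Type; Found = $false; Data = $null }
            continue
        }

        foreach ($r in $records) {
            # Pick the field that carries the target for each record type.
            $data = switch ("$($r.Type)") {
                'A'     { $r.IPAddress }
                'AAAA'  { $r.IPAddress }
                'CNAME' { $r.NameHost }
                'SRV'   { '{0}:{1}' -f $r.NameTarget, $r.Port }
                default { $r.Name }
            }
            [pscustomobject]@{ Query = $q.Name; Type = "$($r.Type)"; Found = $true; Data = $data }
        }
    }
}

# Placeholder domain: replace with the SMTP domain of the mailbox being added.
Test-AutodiscoverDns -SmtpDomain 'contoso.com' | Format-Table -AutoSize
```

If both queries come back with `Found = False`, Outlook 2016 has no DNS path to the Exchange server and account setup fails with the error shown above.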

It is disappointing that you cannot select what method you wish to connect in Outlook 2016 when attempting to perform a manual setup.

Friday, December 9, 2016

How to Patch Windows Server 2003 with Error 0x80072EFF

I have a customer who has 3 forests all running Exchange 2003 on Windows Server 2003... yes in the year 2016 (almost 2017).  Before moving to Exchange 2010 --> 2016 we are required to consolidate with some cross-forest migrations.

I need to test some things in my lab before performing this migration in production so I built some 2003 servers... been ages!

After running the installation I had issues patching the servers and I found no information online around Error Number: 0x80072EFF - surprising as it seems like such a common error (is there really no one out there installing Server 2003 now?)

When clicking start and selecting Windows Update, this is the error I received.


After playing around for a good 15 minutes googling this error, I decided to upgrade Internet Explorer to version 8 (the highest supported on 2003 server).  The 32-bit version can be downloaded from the following website.

https://www.microsoft.com/en-au/download/details.aspx?id=20335

Note you will not be able to browse this website on Internet Explorer 6 so you will have to download the upgrade file from another computer then copy it onto the 2003 server.

After upgrading Internet Explorer to 8, I was able to follow the bouncing ball and install all the latest patches up until 2003 server went end of life.



Hopefully this has been helpful for anyone out there still needing to install Server 2003 (for non production use hopefully).

IT Support in Perth by Avantgarde Technologies, Contact us now.

Monday, October 31, 2016

Exchange Server Lost Trust to the Domain

A customer of mine running Exchange 2010 SP3 after a UPS had issues with Exchange losing trust to the Active Directory domain.  This renders Microsoft Exchange unusable as all important Exchange configuration is stored within Active Directory.

Computer accounts, like user accounts, also have passwords.  By default these are changed every 30 days by Active Directory, and member servers and workstations are automatically updated with the new password.  If a workstation or member server is not updated with the latest computer password, the trust fails and the machine displays the error “The trust relationship between the workstation and the primary domain failed” as shown in the screenshot below:


As a general fix for this issue, the PC simply needs to be rejoined to the domain, which works for most member servers and workstations.

Exchange however stores all its config in Active Directory and cannot be removed from a domain.

In the event you experience your Exchange Server losing trust to Active Directory, you can re-establish trust using the following command on the Exchange Server after logging in with the local administrator account:

netdom resetpwd /server:AnyDomainController.yourdomain.local /userD:domain\administrator /PasswordD:"youradminpassword"
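
The same reset can be wrapped in a check of the secure channel before and after, with the domain admin password prompted for rather than typed into the command. This is an added example, not part of the original post; the domain controller and account names are the same placeholders used in the command above.

```powershell
# Run in an elevated Windows PowerShell session on the Exchange server,
# logged on with the local administrator account.
$dc      = 'AnyDomainController.yourdomain.local'   # placeholder
$account = 'domain\administrator'                   # placeholder

# Returns $true when the machine account password still matches Active Directory.
if (Test-ComputerSecureChannel) {
    Write-Output 'Secure channel is healthy; no reset needed.'
    return
}

# Passing "*" makes netdom prompt for the password, so it never appears in the
# command line, shell history or process-creation audit events.
& netdom.exe resetpwd /Server:$dc /UserD:$account /PasswordD:*
if ($LASTEXITCODE -ne 0) {
    throw "netdom resetpwd failed with exit code $LASTEXITCODE"
}

# Verify against the same domain controller; restart the server first if this still fails.
if (Test-ComputerSecureChannel -Server $dc) {
    Write-Output 'Secure channel re-established.'
} else {
    Write-Warning 'Secure channel still broken after reset.'
}
```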

Hope this post has been helpful.


Direct Access Server not displaying Connection Statistics

A customer of mine had an issue with a Direct Access Server not displaying connection statistics.  My clients are connecting to the server without issues using IPHTTPS but we have no visibility of who is connected and for how long.

All connections and total bytes display 0 in both PowerShell and "Remote Access Management Console".

 
 
Also on the Remote Client Status page, no active clients are displayed.


This issue occurs when Windows Firewall is disabled on a Direct Access server.

Re-enable Windows Firewall and reboot the server.  After rebooting the server, wait 24 hours and you will notice statistics will start generating again.



Hope this post has been helpful.


Thursday, October 13, 2016

EventID 1006 MSExchangeFastSearch

A customer had an issue with Microsoft Exchange 2013 search not working.  Users received an error "Your search didn't return any results" in Outlook Web App.

 
The following error was generated in the Application Logs on the server.
 
Log Name:      Application
Source:        MSExchangeFastSearch
Date:          14/10/2016 1:10:14 PM
Event ID:      1006
Task Category: General
Level:         Warning
Keywords:      Classic
User:          N/A
Computer:      Exchange.domain.local
Description:
The FastFeeder component received a connection exception from FAST. Error details: System.ServiceModel.EndpointNotFoundException: Could not connect to net.tcp://localhost:3847/. The connection attempt lasted for a time span of 00:00:02.0469288. TCP error code 10061: No connection could be made because the target machine actively refused it 127.0.0.1:3847.  ---> System.Net.Sockets.SocketException: No connection could be made because the target machine actively refused it 127.0.0.1:3847
   at System.Net.Sockets.Socket.EndConnect(IAsyncResult asyncResult)
   at System.ServiceModel.Channels.SocketConnectionInitiator.ConnectAsyncResult.OnConnect(IAsyncResult result)
   --- End of inner exception stack trace ---
Server stack trace:
   at System.Runtime.AsyncResult.End[TAsyncResult](IAsyncResult result)
   at System.ServiceModel.Channels.CommunicationObject.EndOpen(IAsyncResult result)
Exception rethrown at [0]:
   at System.Runtime.Remoting.Proxies.RealProxy.HandleReturnMessage(IMessage reqMsg, IMessage retMsg)
   at System.Runtime.Remoting.Proxies.RealProxy.PrivateInvoke(MessageData& msgData, Int32 type)
   at System.ServiceModel.ICommunicationObject.EndOpen(IAsyncResult result)
   at Microsoft.Exchange.Search.OperatorSchema.PagingImsFlowExecutor.CreateProxy()
   at Microsoft.Exchange.Search.OperatorSchema.PagingImsFlowExecutor.AcquireProxy()
   at Microsoft.Exchange.Search.OperatorSchema.PagingImsFlowExecutor.ExecuteServiceCall(IProcessingEngineChannel& serviceProxy, Action`1 call, Int32 retryCount)
   at Microsoft.Exchange.Search.OperatorSchema.PagingImsFlowExecutor.ExecuteAndReadPage(QueryParameters parameters, String outputName)
   at Microsoft.Exchange.Search.OperatorSchema.PagingImsFlowExecutor.GetHitCount(QueryParameters parameters)
   at Microsoft.Exchange.Search.Fast.ExchangeQueryExecutor.<>c__DisplayClass20.b__1f()
   at Microsoft.Exchange.Search.Fast.ExchangeQueryExecutor.RunUnderExceptionHandler[T](Func`1 call, IDiagnosticsSession session, String flowName)

 
This issue occurs when the "Microsoft Exchange Search Host Controller" service is in a stopped state.  My customer installed the latest Cumulative Update for Exchange 2013 and after the installation finished, the Search Host Controller was not set back to Automatic.
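
Both this stopped Search Host Controller and the Replication Service failure in the ActiveSync post above come down to an Exchange service left with the wrong start mode, state or logon account. The following added example (not from the original posts) lists every service whose display name starts with "Microsoft Exchange" and flags those conditions; the function name and the display-name filter are assumptions.

```powershell
function Get-ExchangeServiceHealth {
    param([string]$ComputerName = $env:COMPUTERNAME)

    # Get-WmiObject is used so the check also runs on the older Windows PowerShell
    # versions found on Exchange 2010 servers.
    Get-WmiObject -Class Win32_Service -ComputerName $ComputerName `
                  -Filter "DisplayName LIKE 'Microsoft Exchange%'" |
        Sort-Object DisplayName |
        Select-Object DisplayName, Name, StartMode, State, StartName,
            @{ Name = 'Finding'; Expression = {
                $f = @()
                # Should be running but is not (e.g. logon failure at start-up).
                if ($_.StartMode -eq 'Auto' -and $_.State -ne 'Running') {
                    $f += 'automatic start but not running'
                }
                # Left disabled, for example after an update was installed.
                if ($_.StartMode -eq 'Disabled') {
                    $f += 'disabled: confirm this is intended'
                }
                # Anything other than a built-in account depends on a stored password.
                if ($_.StartName -notmatch '^(LocalSystem|NT AUTHORITY\\)') {
                    $f += 'custom logon account: verify its credentials'
                }
                $f -join '; '
            } }
}

# Show only the services that need attention on the local server.
Get-ExchangeServiceHealth |
    Where-Object { $_.Finding } |
    Format-Table DisplayName, StartMode, State, StartName, Finding -AutoSize
```

Running it after each Cumulative Update, and after any change to service accounts, catches these conditions before users report them.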