This blog has moved, and is now available here: http://justinho.com/blog/

The RSS feed is available at http://justinho.com/feed/

There will be no new posts at this new location.

Symptoms:

Some of my users are unable to change their passwords via OWA on Exchange 2007 on Server 2008.  My DCs are running Server 2003.

Argh.

Since most ISPs block unencrypted SMTP (tcp port 25) outbound connections, I've configured my managed mobile clients to connect to my mail server on port 465 (SMTPS) and use TLS to authenticate to "phone home".

This allows these clients, even on untrusted client IP segments to authenticate over a secure connection, and deliver email as to their current whereabouts (IP address.)

First, configure RemotelyAnywhere to use port 465, and force TLS/SSL.  (Obviously, you'll have to provide a username/password etc. here.)  I created a dedicated mailbox/user for this purpose.

Next, on the Edge Transport machine, create a new receive connector for port 465.  You'll have to rearrange your existing connector(s) to ensure there's no port/scope overlap:

• Edge Transport
• New Receive Connector
• port 465, enable TLS
• Allow exchange users ONLY
• In the Shell: Get-ReceiveConnector server\connector | add-adpermission -user USERNAME -extendedrights ms-Exch-SMTP-Accept-Any-Sender

Replace USERNAME with the dedicated user.  Replace server\connector with the identity of the connector.  To get the name, do "Get-ReceiveConnector" by itself, and pick the appropriate entry.  Note that this will force the Exchange Edge server to permit ONLY current Exchange Users (ie. not anonymous/unauthenticated users) to submit mail via SMTPS on port 465.

So now, I have machines that can check their local IPs every X minutes, open a secure connection to my email server, and send an email with its current IP address, on any internet connection that permits tcp port 465 (SMTPS) outbound.

Installing the Hyper-V RC0 update for Windows Server 2008 rendered my virtual machines unable to connect to the network.

I installed the hypervisor - Hyper-V RC0 build today.  After rebooting, my network configuration would not function.  I was unable to add an External network and bind it to the NIC successfully.

I'm running Windows Server 2008 RTM x64, and I had the beta (in-box) Hyper-V code running with virtual machines.  My physical machine has two onboard NICs; one was dedicated for the host, and the other was for the virtual machines.

So I removed the HyperV role, and rebooted the box.

The box hung like this.  I power cycled it, which restored service.  The configuration was "resumed" and the role was successfully removed, with an error.  Unfortunately, the Virtual Switches stayed in Network Connections.  I then reattempted install of the Hyper-V role.  This completed, but with an error: it wasn't able to set up the networking components.

Log Name:      Microsoft-Windows-Hyper-V-Network-Admin
Source:        Microsoft-Windows-Hyper-V-Network
Event ID:      14070
Level:         Error
User:          SYSTEM
Description:
Switch set up failed, name='6d861a9b-39ef-4d01-a181-e163e5a21908', external port='f6400f7a-0dea-4b1f-bf91-3a78b00092f5', internal port='30b4be1c-5c03-48a6-84ed-7f590a3ffae7', NIC='{506E5818-0E27-4E13-8835-DDC8B7393D36}', internal name='9e3e1874-09ab-423b-904e-75420369499f', internal friendly name='New Virtual Network', error=2147749889, mof code=0.
Event Xml:
  <System>
    <Provider Name="Microsoft-Windows-Hyper-V-Network" Guid="{0a18ff18-5362-4739-9671-78023d747b70}" />
    <EventID>14070</EventID>
    <Version>0</Version>
    <Level>2</Level>
    <Task>0</Task>
    <Opcode>0</Opcode>
    <Keywords>0x8000000000000000</Keywords>
    <EventRecordID>88</EventRecordID>
    <Correlation />
    <Execution ProcessID="1088" ThreadID="1196" />
    <Channel>Microsoft-Windows-Hyper-V-Network-Admin</Channel>
    <Security UserID="S-1-5-18" />
  </System>
  <UserData>
      <Switch>6d861a9b-39ef-4d01-a181-e163e5a21908</Switch>
      <ExternalPortName>f6400f7a-0dea-4b1f-bf91-3a78b00092f5</ExternalPortName>
      <InternalPortName>30b4be1c-5c03-48a6-84ed-7f590a3ffae7</InternalPortName>
      <NIC>{506E5818-0E27-4E13-8835-DDC8B7393D36}</NIC>
      <InternalName>9e3e1874-09ab-423b-904e-75420369499f</InternalName>
      <InternalFriendlyName>New Virtual Network</InternalFriendlyName>
      <Error>2147749889</Error>
      <MofCode>0</MofCode>
    </NvspSwitchSetupError>
  </UserData>
</Event>

I've posted to some MSDN blogs' comments... but I doubt I'll hear back.

So now, I have no Hyper-V machines running anymore, and I can't get rid of the Virtual Network Switches.  I have heard from some people that manually removing the entries in the registry for the NICs will cause everything to "blow up".  I'm unable to delete the Virtual Switches in Network Connections, or in Device Manager.

My physical box has production workloads on it, so I can't blast it away.  Since the "finish line is in sight," I was kind of hoping that these kinds of things wouldn't happen, especially since they shipped the beta I was running inbox with the RTM code.

I can't find any evidence of Hyper-V on Connect, so there doesn't appear to be a way to report this.

Advice:

I would suggest that you remove not only the machines, but also the virtual networks, AND the Hyper-V role, before applying the update for Hyper-V RC0.  Then reinstall the role to make sure things are cleanly in place.

Further reading:

http://support.microsoft.com/kb/949222/ and http://support.microsoft.com/kb/949219

It took me around a day to notice... but after I installed IE8 beta, all my RSS feeds from my "Common Feed List" stopped updating.

As a result, a few things have happened/I have noticed several things:

• Outlook 2007's RSS folder deletion sucks.  I created a "temp" folder, and dragged all my old folders into the temp folder, then deleted the whole temp folder.  Result of design by committee: Your product sucks at very simple tasks because not all use cases end up being included.
• RSS feeds are background noise.  And after a day or so, I "miss" the noise.  Makes me wonder if I should be spending more time on important things instead of reading all this "news".  RSS feeds are a form of noise pollution in my life.
• I manually re-added the 8 or so feeds that I actually need, into Outlook 2007.  Reddit and Digg are both cut, due to the poor signal to noise ratio.
• IE8 opens a lot more connections - and loads sites faster.  Also mentioned here: http://www.ajaxperformance.com/2008/03/07/ie8-the-performance-implications/
• Outlook 2007's RSS functionality is... decent... but still leaves much to be desired.  I have 3 machines, each with Outlook on them against my Exchange server.  This means that most of my RSS feeds come in THREE times over.  Who decided THAT would be a good idea?  The committee did.

I downloaded the nightly trunk of VLC 0.90 on Win32 today.

I've only used it for about 10 minutes, but:

• New privacy warnings - good idea
• Volume goes up to 200% - nice
• The UI has some strange artifacts, but is easy to use
• The preferences window is usable!
• Dragging files from UNC \\server\share\filename causes VLC to crash

For the past few weeks, I've been trying to email users at Yahoo.com.  Their MTAs continuously reject email I send:

421 Message from (209.161.207.163) temporarily deferred - 4.16.50.
Please refer to http://help.yahoo.com/help/us/mail/defer/defer-06.html

I've already put in reverse DNS entries, so cairo.justinho.com <--> 209.161.207.163 both resolve, whichever way you try.

I'm not even sending spam.  I'm trying to send emails to friends or responding to friends' emails.  I had a Craig's List post a few days ago - and I was responding to a Yahoo user.  But it's no use - I still can't email Yahoo.com users.

I've contacted Yahoo tech support lots of times.  I've requested to be "unblocked" - heck, I've even filled out their form.

Why is it that I somehow need Yahoo's permission to send email to their users?  Why do they even NEED my contact information?  Two weeks since sending all this information they wanted, I STILL can't email @yahoo.com email addresses.

This is ludicrous.  If you are a Yahoo.com user, I strongly suggest you get an email account at another provider.

Applying for Permission to Email Yahoo.com Addresses

1. Please provide all ACTIVE IP addresses you are currently using to send mail.
2. Do you have a dedicated IP address or do you use a shared mail server/IP address (i.e., the mail server/IP address is hosted by a service provider and is also being used by organizations other than your own)? If you use a shared server, please specify which service provider you use.
3. Please indicate all types of email being sent from the servers above, e.g., personal/corporate emails, transactional mailings, mailing list postings, marketing messages, newsletters? (Indicate which IP sends which type of mail, if applicable.)
4. If you send periodic or subscription-based mailings, please indicate the means by which a user is signed up for your subscription list. 
   1. Do you take any steps to confirm that the subscription is valid, or was initiated by the true owner of the email address?
5. How many subscribers do you currently have? And approximately how many emails do you send on a monthly basis?
6. Do you remove email addresses from mailing list if emails to them bounce--i.e., for soft (4xx) and hard (5xx) SMTP response codes?
   1. If yes, how many bounced emails are required before you consider an email address to be inactive and subject to removal from your list?
7. How long does it typically take for an email address to be removed from your list once an unsubscribe request has been received?
8. Please provide the URL of your web site, including the links to your Privacy Policy, Affiliate Policy, and/or Terms of Use pages, if available.
9. Please copy and paste a text-only example of a recent mailing, including the full Internet headers. Or, include the entire error message you're seeing in your SMTP logs if email is being deferred or blocked.
10. Where possible, Yahoo! uses DomainKeys to determine the original sender of a message. Do you plan to or currently use DomainKeys to authenticate your mailings?
11. Please provide the following contact information:  Company name, Contact information, Postal Address, Email address

When was the last time you applied for permission to send email to someone?

Background:

I'm running Exchange 2007 SP1 with UR1 on Windows Server 2008 x64.

Problem:

The UI seems to have a few bugs in it.

I opened:

• Microsoft Exchange Management Console
• Organization Configuration
• Hub Transport
• New Remote Domain...
• Double click on new Remote Domain... (Properties window)

Weird:

• The title of the tab looks wrong
• "sender's" has a strange character in it

Whoa.  New feature in my Lenovo Screen Magnifier.  (At least, a new ADVERTISED feature.)

In the name of "accessibility", I think this feature is actually more useful than the buttons in Windows / OS X / most shells, as it allows you to use your secondary monitor in a way that is more difficult otherwise: dragging and then maximizing a window on a second screen.

Cool.  A free software upgrade of a utility that actually does something "novel".

Abstract:

Windows Server 2008 introduces a DNS block feature that may affect the ISA Server automatic discovery mechanism when implementing WPAD using a Windows Server 2008 DNS Server.  Therefore, additional configuration steps are necessary to get WPAD to work, when clients are running against a 2008 DNS server.

Details:

The block feature provides a global query block list to reduce vulnerability associated with dynamic DNS updates. Dynamic update makes it possible for DNS client computers to register and dynamically update their resource records with a DNS server whenever a client changes its network address or host name.  This reduces the need for manual administration of zone records, especially for clients that frequently move or change locations and use DHCP to obtain an IP address. This convenience comes at a cost, however, because an authorized client can register any unused host name, even a host name that might have special significance for certain applications. This can allow a malicious user to "hijack" a special name and divert certain types of network traffic to that user's computer. WPAD is a commonly deployed protocol vulnerable to this type of hijacking, and by default WPAD look up is disabled by the blocking mechanism.

If you want to use WPAD with a Windows Server 2008 DNS, note the following behavior:

• If WPAD entries are configured in DNS before the DNS server is upgraded to Windows Server 2008, no action is required.
• If you configure or remove WPAD after you deploy the DNS server role on a server running Windows Server 2008, you must update the block list on all DNS servers that host the zones affected by the change. The affected zones are those where you registered the WPAD servers.
• To update the block list, use the dnscmd command-line tool. Open a command line prompt, and do the following:
• To check whether the global query block is enabled, type:
  dnscmd /info /enableglobalqueryblocklist. A value of 1 is returned if the block list is enabled.
• To display the host names in the current block list, type:
  dnscmd /info /globalqueryblocklist
• To disable the block list and ensure that the DNS Server service does not ignore queries for names in the block list, type:
  dnscmd /config /enableglobalqueryblocklist 0
• To remove all names from the block list, type:
  dnscmd /config /globalqueryblocklist

Further reading:

   "DNS Server Global Query Block List" from TechNet at http://technet.microsoft.com/en-us/network/bb629410.aspx.

Source:

http://blogs.technet.com/isablog/archive/2008/02/19/windows-server-2008-dns-block-feature.aspx

Abstract:

Even with Exchange 2007 SP1 installed, some users are still unable to edit rules in Outlook Web Access (OWA).  The problem appears to be caused by rules that are present that OWA cannot handle; removing the problematic rules appears to restore access.  The logging is quite poor as the UI doesn't really provide any reason for the failure.

Potential Causes:

• Remove any rules that contain "and stop processing more rules"
• Remove any rules that contain "clear message's categories"

• Rules that have the toolset icon next to them, as above, are not editable in OWA.
• First log on in OWA after mailbox is moved may result in rules not being editable.  Log off and log back on.
• Ensure Rules are Enabled in Exchange System Manager (Server Configuration, Client Access, Right click on OWA directory, Properties, Segmentation tab)

Abstract:

My quest to eliminate the Dell CERC 1.5/6ch SATA (due to its poor performance) from my production environment has been a long one as I opted to wait for Windows Server 2008 and Exchange 2007 before migrating to my 3Ware card.  This post contains a summary of all the issues I encounter, and will be updated as I proceed.

Solutions:

• Backup headaches - Setting up Exchange 2007 to back up on a Windows 2008 Server:
  "Exchange 2007 Aware Backups on Windows Server 2008"
  http://blog.justinho.com/2008/03/10/Exchange2007AwareBackupsOnWindowsServer2008.aspx
• CAS problems with RPC proxy - Some tweaks are necessary to get Outlook Anywhere to work with Exchange 2007 on Server 2008
  "Outlook Anywhere RPC over HTTPS Proxy on Windows Server 2008 Fails to Communicate with Exchange 2007"
  http://blog.justinho.com/2008/03/10/OutlookAnywhereRPCOverHTTPSProxyOnWindowsServer2008FailsToCommunicateWithExchange2007.aspx
• More to come...

Abstract:

Outlook Anywhere may not work properly on a Windows Server 2008 machine with Exchange 2007.  The DSAccess RPC proxy listens on ports 6001 and 6002 on the IPv6 stack, and listens on ports 6001, 6002, and 6004 on IPv4.  The missing listener on port 6004 causes connectivity to fail.
A workaround exists and is documented which gets this working, regardless of where the RPC proxy is installed (on the Exchange box, or otherwise.)

Details:

If your RPC proxy is on 2008, but not on the same box as Exchange 2007, remove the IPv6 binding to force the proxy to communicate with Exchange on IPv4.

Otherwise, modify your host file, as per: http://weblog.bassq.nl/?p=79

• Comment out the line “:::1 localhost”
• Add the following two lines:
  <IPv4 address> <hostname of the computer>
  <IPv4 address> <FQDN of the computer>

So, for my server, I have:
10.0.0.5 servername
10.0.0.5 servername.subdomain.domain.com

To confirm functionality:

Open telnet to localhost 6004

Sources:
http://forums.microsoft.com/TechNet/ShowPost.aspx?PostID=2975122&SiteID=17

Abstract:

Exchange 2007 SP1 on Server 2008 can't back up using in-box tools.  Either use DPM, or a 3rd party tool ($$$), or hack NTBackup to run on 2008 Server.  A workaround/hack is provided that allows NTBackup to run on Server 2008 x64 with Exchange 2007 SP1.

Background:

The Exchange Team Blog has the following text:

Unlike previous versions of Windows, Windows Server 2008 does not include a backup utility that supports the Exchange ESE streaming backup APIs. The Windows 2008 backup application, Windows Server Backup, cannot be used to take backups of Exchange.

Exchange still includes the ESE streaming backup APIs, but the absence of an Exchange-aware backup application in Windows may come as a surprise to many. Another change we made that may also affect you is the removal of remote streaming backup support on Windows 2008.

This leaves you with two choices for taking Exchange-aware online backups when running Exchange 2007 SP1 on Windows 2008:

1. Move to a Volume Shadow Copy Service (VSS)-based backup application. You can use Microsoft System Center Data Protection Manager (DPM) 2007 or a third-party backup application that supports Exchange-aware VSS-based backups of Exchange 2007 SP1 on Windows Server 2008. Windows Server Backup in Windows 2008 is a VSS-based backup application, but it does not include a VSS requestor for Exchange, which is a necessary component in order to use VSS to take an Exchange-aware backup.
2. Use a Third-Party application that supports ESE streaming backups using a local backup agent on the Exchange server. Because the ESE streaming APIs remain in Exchange 2007, you can still use them to backup Exchange. But to do that, you must use a third-party backup application that runs a local agent on the Exchange server so that the streaming backup is made locally, and not remotely. You cannot take remote streaming backups of Exchange 2007 SP1 on Windows 2008 with or without a third-party product. Any streaming backups that are performed must be performed locally on the Exchange server.

Annoyances and anger aside, NTBackup (the old utility) can be made to run on Server 2008.  I found this: http://cs.thefoleyhouse.co.uk/blogs/karl/archive/2008/02/10/how-to-backup-exchange-2007-on-server-2008.aspx

To Install and use NTBackup on a Server 2008 Machine to Backup Exchange 2007 SP1:

1. Install NTBackup, as per http://www.petri.co.il/installing_windows_xp_ntbackup_on_windows_vista.htm
   1. Copy these files from a 2003 server (C:\Windows\System32\) to Server 2008 (C:\Program Files\NTBackup\):
      1. ntbackup.exe
      2. ntmsapi.dll
      3. vssapi.dll
2. Install the Removable Storage Manager from Server Manager.  (Features, Add Features, Removable Storage Manager.)
3. Copy Exchange DLLs to access Exchange (as per http://support.microsoft.com/kb/275876).  You need to copy esebcli2.dll from 2003 (C:\Program Files\Exchsrvr\Bin) to 2008 (C:\Program Files\NTBackup)
4. Run regedit and change the esebcli2 key from C:\Program Files\Micrsoft\Exchange Server\Bin\esebcli2.dll to C:\Program Files\NTBackup\esebcli2.dll

Discussion:

I would seem that several product groups at Microsoft have failed to do comprehensive use-case analyses of customer requirements.  This has happened with Vista (poor file copy performance, poor video card gaming performance, 4GB RAM BSOD with RTM, to name a few), and with Exchange 2007 (Exporting to PST in 2007 requires a 32-bit box, Server 2008 CAS does not work properly with single server deployments since DSAccess fails to listen on the IPv6 on port 6004, and Server 2008 does not provide an in-box backup solution for Exchange 2007.)

Summary:

The latest firmware/drivers (February 2008 beta) with 3Ware 9650SE (8LP) and Windows Server 2008 do not get along.  The system gets to the boot screen with the progress indicator, then locks up.

The problem is resolved with older firmware version 9.4.0.1 with bootloader 3.05.00.002, using the latest beta drivers (3wareDrv.sys is version 3.0.3.108).  I have Windows Server 2008 Enterprise running now.

Workarounds:

1. (March 20th 2008) Use the latest in-engineering firmware and drivers, as per http://www.3ware.com/KB/article.aspx?id=14928
   Firmware 3.08.00.022 or newer should be compatible, when using the driver 3.0.3.108.
2. (March 2nd 2008) Downgrade the firmware.  Download firmware/bootloader: http://www.3ware.com/KB/article.aspx?id=15103 (older firmware 9.4.0.1 with bootloader 3.05.00.002)
   Drivers: http://www.3ware.com/download/productseng/Driver/windrv_x64.zip (I'm using 3wareDrv.sys, version 3.0.3.108)

Known Issues:

• Back up your RAID containers before downgrading - I had some weird errors.  I ended up nuking my RAID containers, then recreating them.
• I'm running the latest management utilities - no problems so far.

Details:

January 13th 2008

I have a Tyan FT48 with a quad core Xeon E5335.  I moved my 3Ware 9650SE (8LP) over to it this afternoon to do a Windows Server 2008 RC (Hyper V) install and discovered that the drivers provided for 3Ware are non-functional with Server 2008.  The system hangs at start up, at the Server 2008 boot up screen.  The green progress indicator locks up.

This is also happening with a 9550SX on a different system.  But just to be safe: The system BIOS is the latest available, 2.00b, from Tyan.

The 3Ware 9.5.0 production driver, and the in-engineering drivers have been tested.
Both cards have been updated to the latest firmware.

http://www.3ware.com/KB/article.aspx?id=14928 is not very helpful.  Has anyone tried the 9650SE with Vista?  Any boot problems?

My server remains on Server 2003 R2 x64 until this issue is resolved.  I'm disappointed that 3Ware doesn't have functioning drivers, still.

January 15th 2008

My email to 3Ware was promptly replied to. They've sent me updated drivers, soon to be posted on their website under "In Engineering", I'm told.  Bypassing the signature requirement is still necessary at this point, via http://www.3ware.com/KB/article.aspx?id=14928 I'm told.

I will get these tested the coming weekend.

February 2nd 2008

I got the 2008 RTM bits off Connect today - and I'll try to find some time to get this tested this coming weekend, using the latest engineering drivers.

February 6th 2008

I'm not checking the 3ware KB daily at http://www.3ware.com/KB/article.aspx?id=14928 , but some more 'information' has been posted: 64-bit Vista/Windows 2008 support is not currently available.  A firmware upgrade for the 9550SX(U)/9590SE/9650SE is required.  This will be officially supported with the 9.5.1 code set (due out August 2008), but a beta version will be posted to the 'In Engineering Phase' section of the 3ware web site soon (February 2008).

Later this month?  This is surely a problem that became obvious in earlier builds.  Perhaps I will dig up some older beta builds of 2008 that I have, and test.  I'm curious as to why they've done so little.  I'm very disappointed.

February 6th 2008 (again)

3Ware says they found the current bug last week (week of January 28th.)  They say they should have updated code by the end of this week (week of February 4th) and testing will be done next week (week of February 11th).  I'm told the code will be posted to the "in-engineering" section the week after (week of February 18th).

Pretty disappointing.  But at least they respond to emails, with real answers, unlike Adaptec.

February 26th 2008

Tried this past weekend with latest beta firmware on the 9650SE with the latest driver.  No boot.  Argh.

March 2nd 2008

Success!  I booted from a Windows 98SE floppy, and flashed my 9650SE (8LP) to 9.4.0.1 with bootloader 3.05.00.002 from http://www.3ware.com/KB/article.aspx?id=15103 .
My RAID containers were a bit wonky in the BIOS after, so make sure you do a complete backup of your RAID containers first.  I ended up re-creating the containers - and everything seems functional, so far.  Using that firmware and bootloader, coupled with the latest beta driver (3wareDrv.sys is version 3.0.3.108) I'm able to get Windows Server 2008 x64 RTM booting.

Thank you to the person who left the comment!  I have contacted 3Ware support, and they have updated the KB article to reflect this workaround.

Background:

I run Vista Ultimate x64 (64-bit).

Message:

When I open the Windows Photo Gallery, I am told that, "An Update to Windows Photo Gallery is Available".

Sure.  Sounds good to me.    If I choose to download the update, I'm directed to a Canon page, which looks like this:

Discussion:

So the 64-bit version is not supported.  Lovely.  Someone botched the 3rd party software integration.

If the app was written in-house, then it would already have been ported to 64-bit, be localization-ready, undergone a security review, etc. Because those are basic ground rules for coding at Microsoft.

http://blogs.msdn.com/oldnewthing/archive/2008/02/25/7885570.aspx

Background:

I have two Intel Xeon P4 Xeon servers.  The clock speed on both is 2.8GHz.

Problem:

Everything takes an eternity on them.  They're so slow.  And they do nothing but generate heat.

and a quick peek inside Task Manager on this particular machine shows:

Yup.  A massive amount of physical memory (6GB) that is sitting there, waiting to be used.

NetBurst was something that never should have happened.  AMD was around to make them realise that - and now we're being shipped lots of P3 cores on a die.

Meanwhile, I have a significant portion of my infrastructure that is, essentially, useless.  Perhaps it contributes to global warming by wasting lots of electricity, but Intel should have to deal with this.  Take back old P4 and Xeon processors and replace them with a new Core-based Celery or E2XXX series processor or something.

*sigh*  Unnecessary downtime.

What is PowerGUI?

PowerGUI is an extensible graphical administrative console for managing systems based on Windows PowerShell. These include Windows OS (XP, 2003, Vista), Exchange 2007, Operations Manager 2007 and other new systems from Microsoft. The tool allows to use the rich capabilities of Windows PowerShell in a familiar and intuitive GUI console.

How much does it cost and is registration required?

PowerGUI is a freeware product thanks to the support we are getting from Quest Software. You can download the product and access all information on this site absolutely for free and without any registration or login. You will have to register only if you want to post information to the discussion forums or library, or subscribe to notifications by email (RSS subscription does not require registration.)

What are the system requirements?

The main system requirement is Windows PowerShell (which in its turn requires .net framework 2.0). If you don't have this installed on your computer PowerGUI setup will detect that and open a web page from which the system can be downloaded. In terms of operating systems we support Windows XP, 2003, Vista, and Longhorn; both 32- and 64-bit. Particular snapins may add their specific system requirements. For example the Exchange 2007 snapin we ship today naturally requires Exchange 2007 or its administrative tools.

What can I do with PowerGUI?

Pretty much anything that the underlying system permits. You can browse through the system, filter/sort what you get, select the columns, perform actions on selected objects, change their properties, export data to clipboard, Excel, xml, or just html reports, and much more. And if you don't believe this is all being done by Windows PowerShell just switch to another tab and you'll see the PowerShell code behind what you've been doing.

Download: http://powergui.org/downloads.jspa

Robert McMurray: Earlier today Microsoft released the RTM version of the Microsoft FTP Service for IIS 7.0 for Windows Server 2008!

Listed below are the links for the download pages for each of the individual installation packages:

FTP 7 (x86) Installation Package
http://www.iis.net/downloads/default.aspx?tabid=34&g=6&i=1619

FTP 7 (x64) Installation Package
http://www.iis.net/downloads/default.aspx?tabid=34&i=1620&g=6

We've all seen it happen. Two servers are configured the same way, but suddenly, one of them stops working. The content is same, everything looks right, but one server is exhibiting unusual behavior. You could try to take the config from the working server and overwrite the broken one. But that won't tell you what happened, nor if it might happen again.

There's also the case where you only have one server, which suddenly breaks. Restoring from backup if you have one or manually sifting through config might be your only option. But often the problem isn't easy to spot and backups take time and effort to restore.

Enter MS Deploy. You can compare two live sites, a site with an archive, or compare two archives. In this case, I'll show you comparison of a live web site and an archive. An archive is like a snapshot of a site or server at a given point in time. When you take the archive, you may be doing it for a manual backup, to do an offline sync or to make a copy of a specific version of your app. It's a great way to quickly take a snapshot of your working app (and config) before you make changes.

http://blogs.iis.net/msdeploy/archive/2008/02/02/using-ms-deploy-to-compare-sites-or-see-what-components-your-site-uses.aspx

via http://blogs.iis.net/msdeploy/archive/2008/01/22/welcome-to-the-web-deployment-team-blog.aspx

Technical Preview 1

x86
http://www.iis.net/downloads/default.aspx?tabid=34&g=6&i=1602

x64
http://www.iis.net/downloads/default.aspx?tabid=34&g=6&i=1603

This white paper provides the information that you need in order to configure Microsoft Exchange Server 2007 with multiple address lists so different groups of users can have their own address list and secure those address lists so that groups of users can only see their specific address list.

Much of the information in this white paper originally appeared as individual Help topics in the Exchange Server 2007 Help. In this white paper, we have consolidated the information that you need to deploy and manage segregated address lists in one central location. We have also provided sample scripts, which can be modified to fit your environment, to help automate the provisioning of virtual organizations and users.

http://technet.microsoft.com/en-us/exchange/bb936719.aspx or
http://technet.microsoft.com/en-us/library/bb936719(EXCHG.80,printer).aspx

More technical papers: http://technet.microsoft.com/en-us/library/cc164340(EXCHG.80).aspx

Background:

A clean install of Windows Vista SP1 is attempted on an hp Pavilion dv1603tn.  The "high definition audio device" shows failure in Device Manager.  The HP provided Vista package was installed.  The "High Definition Audio Device" device error goes away, but the resultant "Conexant High Definition Audio" device is silent and refuses to play any sounds.  Attempts to do so show sounds appearing in the sound mixer - the levels change - but nothing comes out the main system speakers.

Solution:

The HP provided Vista package is non-functional.  Download and install the "XP" driver package on their website.  Windows Update then will provide an updated driver package for Vista if necessary.

XP package installed: Release Date: 2006-05-15           Version: 3.21.0.0 A
Vista package attempted: Release Date: 2007-05-15           Version: 3.38.0.50 A
It is possible that an "updated" package will be released in the future by the manufacturer to correct this problem.

1. Download the XP driver package, and open it with WinRAR or 7-zip or a similar archiver, and extract it's contents.  (This will prevent the package from auto installing.)
2. Next, right click on the High Definition Audio Device in Device Manager and update the driver to this package, by pointing the wizard to the folder where the files were extracted it.

The functional driver with Vista SP1 has a date of "4/18/2006" and is version "3.21.0.0".

Note:

Ensure also you download and install the latest video and chipset drivers from Intel.com - NOT HP's support website, which shows releases several builds behind.

How to obtain the latest update rollup for Exchange 2007

http://support.microsoft.com/?kbid=937052

What will support Windows Server 2008 at RTM?

• .NET Framework 2.0 (installed)
• .NET Framework 3.0 SP1 ( part of Application Server role )
• .NET Framework 3.5
• Dynamics CRM 4.0
• Exchange Server 2007 SP1
• Forefront Security Server 1.0
• MOSS SP1 ( installation notes for Windows Server 2008)  http://support.microsoft.com/kb/936988
• SQL Server 2005 SP2
• System Center Data Protection Manager 2007
• System Center Configuration Manager 2007 (Formerly SMS)
• System Center Operations Manager 2007
• Windows Sharepoint Services 3.0 SP1 ( installation notes for Windows Server 2008 ) http://support.microsoft.com/kb/936988
• Visual Studio 2008
• WSUS 3.0 SP1

What are we planning to support in the first half of 2008?

• We will ship the Hyper-V technology 180days after RTM
• Dynamics AX 2009
• MOM SP1
• SCCM 2007SP1
• System Center Essentials 2001
• Forefront Client Security SP1

What are we planning to support in the second half of 2008?

• Application Virtualization 4.5
• Commerce Server 2007 SP2
• HIS 2006 SP1
• MOM 2005 SP1
• SQL Server 2008
• System Center Essentials 2001
• Windows System Center VMM 2.0
• Windows Essential Business Server
• Windows Home Server vNext
• Windows HPC Server 2008

So what will not be supported?

• SMS 2003
• System Center Reporting Manager
• Internet Security and Acceleration Server 2006 and earlier

Source:

http://blogs.msdn.com/neilhut/archive/2008/02/07/microsoft-server-and-tools-support-for-windows-server-2008.aspx

Windows Media Services

To obtain the new features and tools available in Windows Media Services for Windows Server 2008, such as the built-in WMS Cache/Proxy plug-in, you must obtain and run the appropriate Streaming Media Services role installer file on the updated platform.

• Windows Media Services and the rest of the Streaming Media Services role in Server Manager, on “full” installations of Standard and Enterprise editions of Windows Server 2008
• The Streaming Media Services Server Core role, on “Server Core” installations of Standard and Enterprise editions of Windows Server 2008
• The Windows Media Services snap-in for Microsoft Management Console (MMC) on a computer that is running the Business, Enterprise, or Ultimate edition of the Microsoft Windows Vista operating system

http://www.microsoft.com/downloads/details.aspx?familyid=9ccf6312-723b-4577-be58-7caab2e1c5b7&displaylang=en&tm

Visual Studio 2008 Product Comparison Data Sheet

This data sheet provides a comprehensive product comparison of the Visual Studio 2008 IDE products. It does not provide data about Visual Studio Team System 2008 Team Foundation Server, Visual Studio Team System 2008 Team Explorer, or Visual Studio Team System 2008 Test Load Agent. This data sheet is provided for illustrative purposes only.

http://download.microsoft.com/download/5/f/e/5feb6914-bcdf-432f-81c7-e386812b086a/visualstudio2008productcomparisondatasheet.pdf (2.2MB)
http://download.microsoft.com/download/5/f/e/5feb6914-bcdf-432f-81c7-e386812b086a/visualstudio2008productcomparisondatasheet.docx (266KB)

Instead of just being rants, I found the following pages to be rather helpful.  There are some nice troubleshooting tips, changes you can make to improve performance, etc..

Why Outlook 2007 is slow: Microsoft’s official answer
http://www.itwriting.com/blog/?p=123

Outlook 2007 is slow, RSS broken
http://www.itwriting.com/blog/?p=54

Problem with Outlook 2007 - Email Receive is Broken!
http://www.roundtripsolutions.com/blog/2007/02/19/208/problem-with-outlook-2007-email-receive-is-broken/

What can I do about Outlook's huge PST?
http://ask-leo.com/what_can_i_do_about_outlooks_huge_pst.html

Symptoms
You connect a Windows Vista-based computer to a network.
A router or other device that is configured as a Dynamic Host Configuration Protocol (DHCP) server is configured on the network.
The router or the other device does not support the DHCP BROADCAST flag.

In this scenario, Windows Vista cannot obtain an IP address.

Cause

This issue occurs because of a difference in design between Windows Vista and Microsoft Windows XP Service Pack 2 (SP2). Specifically, in Windows XP SP2, the BROADCAST flag in DHCP discovery packets is set to 0 (disabled). In Windows Vista, the BROADCAST flag in DHCP discovery packets is not disabled. Therefore, some routers and some non-Microsoft DHCP servers cannot process the DHCP discovery packets.

Resolution

Summary

1. Use getmac and ipconfig /all to determine the GUID of the adapter that is having the problem.
2. Set the following in the registry:
   HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{GUID}
   Value name: DhcpConnForceBroadcastFlag
   Value type: REG_DWORD
   Value data: 0
   Note A data value of 0 disables this registry entry. You can use this registry entry to prevent Windows Vista from using the DHCP BROADCAST flag. After you set this registry entry, Windows Vista never uses the DHCP BROADCAST flag.

Details

1. Start, run, cmd
2. Run ipconfig /all
   You'll get something like this:
   Ethernet adapter Local Area Connection:
      Media State . . . . . . . . . . . : Media disconnected
      Connection-specific DNS Suffix  . :
      Description . . . . . . . . . . . : Intel(R) PRO/1000 PL Network Connection
      Physical Address. . . . . . . . . : XX-XX-XX-XX-XX-XX
      DHCP Enabled. . . . . . . . . . . : Yes
      Autoconfiguration Enabled . . . . : Yes
   Note the MAC address of the wireless adapter (shown here with XXs).  Note this is a WIRED adapter in this example; you want your wireless NIC.
3. Next, run getmac
   Match the MAC address to the GUID of the adapter.
   Physical Address    Transport Name
   =================== ==========================================================
   XX-XX-XX-XX-XX-XX   Media disconnected
   YY-YY-YY-YY-YY-YY   \Device\Tcpip_{F37508DE-020D-43A3-916A-ED3EE080C910}
4. Click Start, type regedit in the Start Search box, and then right click on regedit, and choose "Run as Administrator"
   If you are prompted for an administrator password or for confirmation, type your password, or click Continue. 
5. Locate and then click the following registry subkey:
   HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{GUID}
6. In this registry path, click the (GUID) subkey that corresponds to the network adapter that is connected to the network.
7. On the Edit menu, point to New, and then click DWORD (32-bit) Value.
8. In the New Value #1 box, type DhcpConnEnableBcastFlagToggle, and then press ENTER.
9. Right-click DhcpConnEnableBcastFlagToggle, and then click Modify.
10. In the Value data box, type 1, and then click OK.
11. Close Registry Editor.

See also: http://support.microsoft.com/kb/928233

Assigning SCL to messages scanned by 3rd-party antispam filters

The Unix/Linux/Security folks in your organization don't trust Exchange to do the filtering. They insist on using open source anti-spam software, such as SpamAssasin on the non-Exchange SMTP gateways. After tweaking it for a number of weeks, they are able to make it work the way they want it to, or are close to it.

Their solution is to insert an X-header in messages that looks like this:

X-Spam-Status:yes

That's it. Their job ends there.

As the Exchange team/administrator, your job is to ensure messages with that header end up in users' Junk Mail folder.

Now what?

http://exchangepedia.com/blog/2008/01/assigning-scl-to-messages-scanned-by.html

Exchange.2007.Assigning.SCL.to.Messages.Scanned.by.3rd.Party.Filters.pdf (164.02 KB)

Max PST size limit is 20 GB, as this uses the Outlook provider.  See http://support.microsoft.com/kb/830336/

• Export/Import to PST must be run from a 32 bit client machine with Exchange Management Tools installed (Version Exchange 2007 SP1 or later). The 32bit requirement comes from a dependency with the Outlook client.
• Either Outlook 2003 or Outlook 2007 must be installed on the client machine.
• The user running the task must be an Exchange Organization Admin or an Exchange Server Admin on the server where the mailbox to export/import lives.

Export-Mailbox –Identity <mailboxUser> -PSTFolderPath <pathToSavePST>

PSTFolderPath must be a full path pointing either to a directory or to a (.pst) file. If a directory is specified a PST file named after the mailbox alias will be used as the target of the export. Note that if the PST file already exists the contents of the mailbox will be merged into it.

• To export multiple mailboxes to their respective .pst files at once you can pipe in the identities of those mailboxes to the export task. Notice that when bulk exporting the PSTFolderPath parameter must forcefully point to a directory since one .pst file will be created for each mailbox.
  Get-Mailbox -Database 'MDB' | Export-Mailbox -PSTFolderPath D:\PSTs
• Just as with the export to PST scenario, when bulk importing mailboxes the PSTFolderPath must forcefully point to a directory and the task logic will try to match mailboxes alias with the .pst file names under that location. If no match is found for a particular mailbox, that mailbox will be skipped.
  Get-Mailbox -Database 'MDB' | Import-Mailbox -PSTFolderPath D:\PSTs

Running a scheduled task is a two step process:
 1) Create the powershell script and save it as a .ps1 file.  E.g:
     get-mailbox | export-mailbox -PSTFolderPath:'C:\' -Confirm:$false

 2) Create the scheduled task to run powershell and load the exchange snappin; then run your script.  The action of your scheduled task should look like:

powershell.exe -PSConsoleFile "C:\Program Files\Microsoft\Exchange Server\Bin\ExShell.psc1" -Command ". 'C:\script.ps1'"

"My mailbox size is 7.4GB. I send/receive around 200 emails a day; so that 7.4GB of email goes back several years. I don't use too many rules so most of my email ends up in my Inbox (30k items).

My background is in software performance (especially storage performance); so I couldn't live with the status quo. I was stuck, I needed my large mailbox; but I also needed a great/fast user experience so I could effectively process my mailbox. All of my machines had sufficient memory (2GB or more) so I couldn't solve the problem by adding memory (to provide the Windows System Cache with more memory to buffer the OST IO's). "

Continued: http://msexchangeteam.com/archive/2007/12/17/447750.aspx

Summary:

1. Make a set of folders containing content that is over a year (or two) old - so that your mailbox size becomes manageable.
2. Separate the content in these folders chronologically.  2004, 2005, 2006, 2007, 2008, etc.
3. Set Outlook not to sync these archive folders to your devices.  While online, you have access to this content; offline, you can't access anything older than 2 years.

This maintains the following:

1. Your large mailbox, allowing you to keep all your email online in Exchange for backup and quick access (via a web browser).
2. No PST usage.  No management of pesky PST files, and you don't have to worry about backup - the Exchange is stored on a RAID set, and backed up frequently.
3. Good laptop/desktop/workstation Outlook 2007 cached user mode experience.
4. Ability to search entire mailbox.  Open Outlook in online mode, or open up OWA.
5. Low processing on the server.  Working in offline mode means that the basic mail processing is done locally on my machine, not on the server.

Problem:

Exchange 2007 SP1 Will Not Support the Searching of Content Within Office 2007 Attachments in Messages Until the Respective Office 2007 Search Filters are Installed

Because Exchange 2007 SP1 does not include the search filters from the 2007 Microsoft Office release, Exchange 2007 SP1 cannot index Office 2007 attachments in mailboxes. Therefore, users who have mailboxes on Exchange 2007 SP1 Mailbox servers will not be able search their mailboxes for content within Office 2007 attachments in their messages. However, as soon as the Office 2007 search filters are available, installed, and integrated with your Exchange SP1 installations, this search functionality will be supported.

2007 Office System Converter: Microsoft Filter Pack
This download will install and register IFilters with the Windows Indexing Service. These IFilters are used by Microsoft Search products to index the contents of specific document formats. This Filter Pack includes IFilters for the following formats: .docx, .docm, .pptx, .pptm, .xlsx, .xlsm, .xlsb, .zip, .one, .vdx, .vsd, .vss, .vst, .vdx, .vsx, and .vtx.
http://www.microsoft.com/downloads/details.aspx?FamilyId=60C92A37-719C-4077-B5C6-CAC34F4227CC&displaylang=en

How to register Filter Pack IFilters with Exchange Server 2007
http://support.microsoft.com/default.aspx?scid=kb;en-us;944516

More information:
Exchange 2007 SP1 Release Notes
http://download.microsoft.com/download/5/e/6/5e672458-592a-44a2-b489-11cec19d3c82/RelNotes.htm

Sharepoint 2007 Articles

How to move MOSS2007 from W2003_32bit to W2008_64bit
How to move the Shared Service Provider Search database
How to configure a content Source to crawl Exchange 2003 public folders in Moss2007
How to configure Email Enabled Lists in Moss2007 RTM using Exchange 2003
How to configure Email Enabled Lists in Moss2007 RTM using Exchange 2007
Securing Central Administration in SharePoint 2007
Modify Alert Notifications using AlertTemplates.xml in SharePoint 2007
Inplace Upgrade of SPS 2003 Medium Farm to 2007 RTM

http://www.combined-knowledge.com/Downloads%202007.htm

SPS2007-2003x86-to-2008x64.pdf (1.07 MB)

Summary: http://technet.microsoft.com/en-us/library/bb125236.aspx

1. Export XML data.  http://technet.microsoft.com/en-us/library/aa997590.aspx
   New-EdgeSubscription -FileName "C:\EdgeSubscriptionInfo.xml"
2. Import XML data. http://technet.microsoft.com/en-us/library/bb123538.aspx
1. Open the Exchange Management Console. Expand Organization Configuration, select Hub Transport, and then in the result pane, click the Edge Subscriptions tab.
2. In the action pane, click New Edge Subscription. The New Edge Subscription Wizard starts.
3. On the New Edge Subscription page, in the Active Directory Site: drop-down list, select an Active Directory site.
4. On the New Edge Subscription page, click Browse. Locate the Edge Subscription file to import. Select the file, and then click Open.
5. On the New Edge Subscription page, click New.
6. On the Completion page, click Finish.
3. Force synchronization if necessary.
   http://technet.microsoft.com/en-us/library/bb123512.aspx
   If running RTM: Start-EdgeSynchronization
   If running SP1: Start-EdgeSynchronization -Server <Hub Transport server name>

Background:

Installing Exchange 2007 SP1 gives an error on the Mailbox Role.

Error:

Unable to remove product with code 6574fdc2-40fc-405a-9554-22d1ce15686b.  Unable to remove product with code 6574fdc2-40fc-405a-9554-22d1ce15686b. Fatal error during installation. Error code is 1603.
Fatal error during installation

Solution:

1. Stop the "Microsoft Exchange Search Indexer" service and the "Microsoft Exchange Transport Log Search" service.
2. Remove the Microsoft Full Text Indexing Engine for Exchange using msiexec.exe /X {6574fdc2-40fc-405a-9554-22d1ce15686b}
3. Refer to http://consumer.installshield.com/kb.asp?id=Q111019 for additional causes.

Background:

Installing Exchange 2007 SP1 on a Client Access Server gives the error "A failure occurred while trying to update metabase properties. The system cannot find the path specified."

Error:

Event Type: Error
Event Source: MSExchangeSetup
Event Category: Microsoft Exchange Setup
Event ID: 1002
Description:
Exchange Server component Client Access Role failed.
Error: Error:
A failure occurred while trying to update metabase properties.
The system cannot find the path specified.

Further, the Exchange 2007 SP1 log contained:
[2] [WARNING] IIS://<fqdn>/W3SVC/1/ROOT/EWS was not found. Please make sure you have typed it correctly.

Cause:

Note: The SP1 log is located at <system drive>:\ExchangeSetupLogs\ExchangeSetup.log

1) Ensure there are no orphaned virtual directories in the Exchange metabase, as per http://technet.microsoft.com/en-us/library/aa998589.aspx.

2) Ensure all the necessary CAS virtual directories are present.  Browse the IIS metabase using the IIS Resource Kit Tool, creatively named "Metabase Explorer".  http://support.microsoft.com/kb/840671 has a download link.
The Client Access Server virtual directories are as follows:
/W3SVC/1/ROOT/Autodiscover
/W3SVC/1/ROOT/EWS
/W3SVC/1/ROOT/owa
/W3SVC/1/ROOT/Microsoft-Server-ActiveSync
/W3SVC/1/ROOT/Exchange
/W3SVC/1/ROOT/ExchWeb
/W3SVC/1/ROOT/Public
( as per http://technet.microsoft.com/en-us/library/bb201672.aspx )

3) For directories which are not present in IIS Manager and/or missing from the IIS metabase, remove the Exchange directory, and recreate it.
For example, in the case of my error, I did a "Get-WebServicesDirectory |