VPN Client fails to enable virtual adapter in W8

If you run Windows 8 and use the VPN or AnyConnect client like me, you may face the following issue.

It could be the known issue related to the registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\CVirtA, as well as the selected checkbox “Allow other network users to connect through this computer's Internet connection”, which in my case was caused by the Hyper-V Virtual Switch.


Exchange 2013 / Exchange 2010, Windows Server 2012 – SChannel Event ID:36888 (1203) – TLS/SSL error – The root cause

I have had problems in some environments where these SChannel errors are generated. It took me several days to find a reasonable explanation of why it is logged.

Problem:

The event shown in the picture appears from time to time:

EventID-Error

Solution:

Based on several articles I have read and some discussions: first you have to make sure that the process causing this error is LSASS.exe, which is the Local Security Authority Subsystem (it authenticates users for the winlogon service, using authentication packages such as msgina.dll and so on). To confirm it is LSASS.exe, open the event and check its details: click the Details tab, select the friendly view and expand System, then check the Process ID.

EventID_Details

Then use PowerShell and run:

Get-Process | select name,id | sort id

The result lists the name of every process next to its ID; the one matching the Process ID from the event will be lsass.exe.
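The two manual steps above (read the Process ID from the event's System section, then map it with Get-Process) can be scripted so that every recent 36888 event is listed with its owning process. The following is an added example and not part of the original post; it assumes the events are in the System log under the provider name Schannel, and that the two EventData items are named AlertDesc and ErrorState (both are assumptions about the event layout on your server).

```powershell
# Added example (not from the original post): list recent SChannel 36888 events
# with the name of the process that logged them, so you can confirm it is lsass.
# Assumption: events are in the System log under provider 'Schannel'.
$filter = @{ LogName = 'System'; ProviderName = 'Schannel'; Id = 36888 }
$events = Get-WinEvent -FilterHashtable $filter -MaxEvents 50 -ErrorAction SilentlyContinue

$report = foreach ($evt in $events) {
    # The owning PID sits in System/Execution of the event XML; the friendly
    # view only shows it once you expand the System node.
    $xml    = [xml]$evt.ToXml()
    $procId = [int]$xml.Event.System.Execution.ProcessID
    $proc   = Get-Process -Id $procId -ErrorAction SilentlyContinue
    $procName = if ($proc) { $proc.ProcessName } else { '<process already exited>' }

    # Assumption: 36888 carries two data items, the TLS alert code (AlertDesc)
    # and the internal SChannel error state (ErrorState).
    $data = @{}
    foreach ($d in $xml.Event.EventData.Data) {
        if ($d.Name) { $data[$d.Name] = $d.'#text' }
    }

    [pscustomobject]@{
        TimeCreated = $evt.TimeCreated
        ProcessId   = $procId
        ProcessName = $procName
        AlertDesc   = $data['AlertDesc']
        ErrorState  = $data['ErrorState']
    }
}

# Per-event view, newest first
$report | Sort-Object TimeCreated -Descending | Format-Table -AutoSize

# Summary: which processes produce the events (the post's case expects lsass)
$report | Group-Object ProcessName | Select-Object Name, Count
```

If the summary shows processes other than lsass, the events come from a different TLS endpoint than the one discussed here (for example a non-Exchange service hosting its own listener), and the explanation in the "Why" section does not apply to those.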

Why:

The reason is simple: non-standard or corrupted behaviour of web browsers or users. The problem behind SChannel and Exchange 2012 is that users sometimes use the HTTP protocol on port 443, which expects the TLS/SSL certificate exchange rather than a GET command.

How to test:

Option 1#:

The test is easy. For example, type a URL into your browser address bar that is obviously wrong and watch the result: HTTP://MAIL.DOMAIN.LOCAL:443/OWA. This tells the browser to use plain HTTP (not HTTPS) on port 443, and it generates the errors immediately.

Option 2#:

Run telnet and test with the following command:

telnet localhost 443 (connects to the HTTPS port)

In the telnet window:

GET /index.htm (on HTTPS the SSL session must be established first, so this generates the error immediately; no result will be shown in the telnet window)

What is the solution?

Solution #1:

Some IT guys recommend disabling SChannel logging to get rid of these events, but I cannot recommend that. To be honest, it is better to see that somebody is trying to connect with HTTP on the HTTPS port, because this might be a DoS attempt or a sign that users don't know how to type the OWA URL correctly. In short, it is better to know that something is wrong than to disable logging.

Solution #2:

I suspect a wrong HTTP-to-HTTPS redirect configuration for the websites. I would check in IIS whether the redirect is set correctly. For those having this issue without a redirect, I would suspect a problem on the web browser side.

Links:

To test SSL via command line:

http://www.bearfruit.org/2008/04/17/telnet-for-testing-ssl-https-websites/

LSASS description:

http://www.neuber.com/taskmanager/process/lsass.exe.html

Get-VirtualDirectory cmdlets take a long time

Just a tip if you have a large Exchange environment and the Get-*VirtualDirectory cmdlets take a long time.

You can follow KB2896472 and use the ADPropertiesOnly switch with the cmdlet, which returns only the virtual directory properties stored in Active Directory Domain Services and not those in the Internet Information Services (IIS) metabase.

It works really nicely.

[PS] C:\>Measure-Command -Expression {Get-WebServicesVirtualDirectory} | ft -a Milliseconds

Milliseconds
------------
         264


[PS] C:\>Measure-Command -Expression {Get-WebServicesVirtualDirectory -ADPropertiesOnly} | ft -a Milliseconds

Milliseconds
------------
          74
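The caveat with -ADPropertiesOnly is that anything stored only in the IIS metabase is not read, so the faster call can return blank or stale values for those properties. The script below is an added example, not part of the original post or the KB: it times each Get-*VirtualDirectory cmdlet both ways on one Client Access server and lists the properties whose values differ between the two results. It assumes an Exchange Management Shell session; the server name is a placeholder.

```powershell
# Added example (not from the original post): compare timing and content of the
# virtual directory cmdlets with and without -ADPropertiesOnly.
$server  = 'CAS01'   # placeholder: one Client Access server in your organisation
$cmdlets = 'Get-OwaVirtualDirectory', 'Get-EcpVirtualDirectory',
           'Get-WebServicesVirtualDirectory', 'Get-ActiveSyncVirtualDirectory',
           'Get-OabVirtualDirectory', 'Get-AutodiscoverVirtualDirectory'

foreach ($cmdlet in $cmdlets) {
    # Stopwatch instead of Measure-Command so the results stay in this scope
    $sw     = [System.Diagnostics.Stopwatch]::StartNew()
    $full   = @(& $cmdlet -Server $server)
    $msFull = $sw.ElapsedMilliseconds

    $sw.Restart()
    $adOnly = @(& $cmdlet -Server $server -ADPropertiesOnly)
    $msAd   = $sw.ElapsedMilliseconds

    # Pair the directories by Identity and record every property whose
    # string value differs; those are the IIS-metabase-backed ones.
    $diffs = foreach ($a in $full) {
        $b = $adOnly | Where-Object { "$($_.Identity)" -eq "$($a.Identity)" }
        if (-not $b) { continue }
        foreach ($p in $a.PSObject.Properties.Name) {
            if ("$($a.$p)" -ne "$($b.$p)") { $p }
        }
    }

    [pscustomobject]@{
        Cmdlet            = $cmdlet
        FullMs            = $msFull
        AdOnlyMs          = $msAd
        IisOnlyProperties = (($diffs | Sort-Object -Unique) -join ', ')
    }
}
```

Run it once on a quiet server to learn which properties you can safely read with -ADPropertiesOnly in your own reporting scripts, and keep the full call for anything that shows up in the IisOnlyProperties column.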

ForeFront Protection 2010 for Exchange Server integration failure after installing of Exchange 2010 SP3 RU2 on hybrid server EventID:1007,EventID:1008, EventID:9581, EventID:9564

This article is a continuation of http://ficility.net/2013/10/16/exchange-2010-sp3-hybrid-server-in-organization-which-have-had-exchange-200x-before-freebusy-issues/ . After installing RU2 for Exchange Server 2010 SP3 we had a problem integrating ForeFront with its new Mailbox role. The MSExchangeIS service got stuck and started to Start/Stop in a loop. Here are the corrective actions (they remove ForeFront and its settings, so if you are not sure how to configure your ForeFront, don't use them):

Problem:

The following Event IDs cycle: 1007 (FSC monitor Initialize) -> 1008 (FSC monitor Termination) -> 9581 (MSExchangeIS – Virus scan cannot be loaded) -> 9564 (Cannot start Information Store because Virus Scan failed to load)

FFERRORS

Solution:

  • Stop the services:
    Stop-Service MSExchangeIS
    Stop-Service MSExchangeTransport
    Stop-Service FSCController -Force
    FSCUtility.exe /disable
  • Uninstall ForeFront (from Programs and Features)
  • Restart the server
  • Install ForeFront from the media again; it will be integrated with MSExchangeIS automatically.
  • Restart the server
  • Configure ForeFront again, because the reinstallation removed your settings.
  • Test the server. From the FF management console run:
    FSCUtility.exe /status

    FFSTATUS_After

  • If ForeFront is integrated, run the following to test the services on the server and to check that the DB is mounted:
    Test-ServiceHealth
    Get-MailboxDatabaseCopyStatus

Exchange 2010 SP3 Hybrid server in organization, which have had Exchange 200x before – Free/Busy issues

One of my customers has Exchange 2010 SP3 migrated from 2007 and 2003 and wanted federation with Office 365 for remote archiving. More about hybrid deployments can be found on TechNet: http://technet.microsoft.com/en-us/library/hh945197(v=exchg.141).aspx . We had several troubles making it work, and one of Microsoft's suggestions was to install Free/Busy folders on the Hybrid (CAS/HUB) servers. We fulfilled this in two steps:

  1. Install the Mailbox role on the CAS/HUB server
  2. Install the Free/Busy folder by performing the following actions:
    powershell.exe
    Add-PSSnapin Microsoft.Exchange.Management.PowerShell.Setup
    Install-FreeBusyFolder -Verbose

After installation of the Mailbox role and the Free/Busy folder there is a mailbox database created on the server (as in the default installation of a new mailbox server). Watch out! This database is not excluded from provisioning, so new mailboxes can be created there, and it does not have circular logging enabled. Microsoft did not mention that in the documentation, so I am mentioning it to be safe and for my future reference.

Get-MailboxDatabase -Server <ServerIdentity> | Set-MailboxDatabase -CircularLoggingEnabled $true -IsExcludedFromProvisioning $true
Get-MailboxDatabase -Server <ServerIdentity> | Dismount-Database -Confirm:$false
Get-MailboxDatabase -Server <ServerIdentity> | Mount-Database

That´s it. Your Hybrid server is prepared to be placed in production.
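Because the database is created silently, it is worth checking the hybrid server afterwards rather than assuming the two settings stuck, and checking whether any user mailbox has already been provisioned there. The script below is an added example (not from the original post): it reports every database on the hybrid server with its mount state, circular logging, provisioning exclusion and mailbox count, and applies the fix from the post only to databases that still need it. The server name is a placeholder.

```powershell
# Added example (not from the original post): audit and fix the databases that
# the Mailbox role installation left on the hybrid server.
$HybridServer = 'HYBRID01'   # placeholder: your CAS/HUB server with the Mailbox role

# -Status adds the live Mounted property to each database object
$dbs = @(Get-MailboxDatabase -Server $HybridServer -Status)

# Report first, so you see what is there before anything is changed
$dbs | ForEach-Object {
    $count = (Get-Mailbox -Database $_.Identity -ResultSize Unlimited -ErrorAction SilentlyContinue |
              Measure-Object).Count
    [pscustomobject]@{
        Database                 = $_.Name
        Mounted                  = $_.Mounted
        CircularLogging          = $_.CircularLoggingEnabled
        ExcludedFromProvisioning = $_.IsExcludedFromProvisioning
        UserMailboxes            = $count   # anything above 0 was provisioned by accident
    }
} | Format-Table -AutoSize

# Apply the post's fix only where one of the two settings is still off.
# Circular logging takes effect after a dismount/mount cycle.
$needFix = $dbs | Where-Object { -not $_.CircularLoggingEnabled -or -not $_.IsExcludedFromProvisioning }
foreach ($db in $needFix) {
    Set-MailboxDatabase $db.Identity -CircularLoggingEnabled $true -IsExcludedFromProvisioning $true
    Dismount-Database $db.Identity -Confirm:$false
    Mount-Database $db.Identity
}
```

Any mailbox that the report shows on this database should be moved to a production database before the server is handed over, since the copy here has no DAG protection and no log backups once circular logging is on.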

Parsing Exchange size strings

Here is a nice tip from Shay Levy: how do you convert the well-known Exchange size format 1006 MB (1,055,195,632 bytes) to another unit (KB, MB, GB, and so on) when it comes from a CSV (string) source? Just use the type accelerator [Microsoft.Exchange.Data.ByteQuantifiedSize].

http://www.powershellmagazine.com/2013/10/08/pstip-parsing-exchange-size-strings/
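As a worked version of the tip, the script below (an added example, not Shay Levy's or the original post's code) reads size strings from a CSV and converts them to bytes and gigabytes. It uses the ByteQuantifiedSize type when the Exchange snap-in is loaded and otherwise falls back to the byte count in parentheses, so it also runs in a plain PowerShell session. The CSV content and mailbox names are constructed for the example.

```powershell
# Added example (not from the original post): parse Exchange size strings from CSV.
# Constructed sample data in the format Get-MailboxStatistics exports.
$csv = @'
DisplayName,TotalItemSize
"Alice","1006 MB (1,055,195,632 bytes)"
"Bob","2.5 GB (2,684,354,560 bytes)"
"Carol","512 KB (524,288 bytes)"
'@

function ConvertTo-Bytes([string]$sizeString) {
    # Preferred path: the Exchange type, available in the Management Shell
    $type = 'Microsoft.Exchange.Data.ByteQuantifiedSize' -as [type]
    if ($type) {
        return ($type::Parse($sizeString)).ToBytes()
    }
    # Fallback: the exact byte count is always present in parentheses
    if ($sizeString -match '\(([\d,]+)\s+bytes\)') {
        return [int64]($Matches[1] -replace ',', '')
    }
    throw "Unrecognised size string: $sizeString"
}

$csv | ConvertFrom-Csv | ForEach-Object {
    $bytes = ConvertTo-Bytes $_.TotalItemSize
    [pscustomobject]@{
        DisplayName = $_.DisplayName
        Bytes       = $bytes
        SizeGB      = [math]::Round($bytes / 1GB, 3)
    }
} | Format-Table -AutoSize
```

Replace the here-string with Import-Csv on your export file; the rest is unchanged. Keep the Bytes column for any arithmetic and only round when presenting the value, otherwise small mailboxes collapse to 0 GB.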

Exchange 2013 – Replication problem when different disk configuration is used

A friend came to me with a problem adding a second copy of a database in an Exchange 2013 DAG: the replication service failed to perform the initial seed, supposedly because of different configuration between the source (first copy) and target (second copy) disks. I wanted to test it, so here is the case study:

LAB:

  • 2x DC, 2x Exchange 2013 – CAS and Mailbox role in DAG, HAProxy load balancer, Exchange 2010 SP3 multirole server
  • All running under VMWare player
  • TESTDB: First copy on one DAG member on mountpoint F: (GPT, SCSI, NTFS , 8kB / sector)

Getting info about NTFS:

I used the PowerShell function presented in this article: http://cornasdf.blogspot.cz/2010/03/using-powershell-to-get-ntfs-info-such.html?showComment=1362006532506#c4110837443209977959

Thanks to Conrad, gathering NTFS info is as easy as:

Get-NTFSInfo f

and the result:

Drive                           : f
NTFS_Volume_Serial_Number       : 0xfaf6f756f6f7121d
Version                         : 3.1
Number_Sectors                  : 20901887 (0x00000000013eefff)
Total_Clusters                  : 1306367 (0x000000000013eeff)
Free_Clusters                   : 1234271 (0x000000000012d55f)
Total_Reserved                  : 0 (0x0000000000000000)
Bytes_Per_Sector                : 512
Bytes_Per_Physical_Sector       : <Not Supported>
Bytes_Per_Cluster               : 8192
Bytes_Per_FileRecord_Segment    : 1024
Clusters_Per_FileRecord_Segment : 0
Mft_Valid_Data_Length           : 524288 (0x0000000000080000)
Mft_Start_Lcn                   : 393216 (0x0000000000060000)
Mft2_Start_Lcn                  : 1 (0x0000000000000001)
Mft_Zone_Start                  : 393248 (0x0000000000060020)
Mft_Zone_End                    : 418848 (0x0000000000066420)
RM_Identifier                   : 0E320AB6-7A27-11E2-B355-000C2940FA17

Plan:

Test for replication issues using the following setups:

  1. Create second copy of the database using SCSI, GPT, NTFS but larger size of the block (65kB)
  2. Create second copy of the database using SCSI, GPT, NTFS but lower size of the block (2kB)
  3. Create second copy of the database using IDE, MBR disk with the same NTFS config as the first copy of the database
  4. Create second copy of the database using IDE, MBR disk with the different NTFS config as the first copy of the database (65kB block)

Ad 1) Create second copy of the database using SCSI, GPT, NTFS but different size of the block (65kB)

I have preconfigured the disk with the same drive letter F: and GPT, and now I will format NTFS with a 65kB block size. The NTFS info:

[PS] C:\Windows\system32>get-ntfsinfo f

Drive                           : f
NTFS_Volume_Serial_Number       : 0x5ed0732ad0730793
Version                         : 3.1
Number_Sectors                  : 20901887 (0x00000000013eefff)
Total_Clusters                  : 163295 (0x0000000000027ddf)
Free_Clusters                   : 162095 (0x000000000002792f)
Total_Reserved                  : 0 (0x0000000000000000)
Bytes_Per_Sector                : 512
Bytes_Per_Physical_Sector       : 
Bytes_Per_Cluster               : 65536
Bytes_Per_FileRecord_Segment    : 1024
Clusters_Per_FileRecord_Segment : 0
Mft_Valid_Data_Length           : 65536 (0x0000000000010000)
Mft_Start_Lcn                   : 49152 (0x000000000000c000)
Mft2_Start_Lcn                  : 1 (0x0000000000000001)
Mft_Zone_Start                  : 49152 (0x000000000000c000)
Mft_Zone_End                    : 52384 (0x000000000000cca0)
RM_Identifier                   : 1749F9E1-7CB8-11E2-B6CB-000C29ECA938

Adding DB copy:

Add-MailboxDatabaseCopy -Identity TestDB -MailboxServer FrontEnd1 -ActivationPreference 2

Result:

Works normally. The database is seeded and incremental seeding also works. Before point 2 I removed the mailbox database copy and reformatted NTFS with the smaller block size.

[PS] C:\Windows\system32>Remove-MailboxDatabaseCopy testdb\frontend1

Confirm
Are you sure you want to perform this action?
Removing database copy for database "TESTDB" on server "FRONTEND1".
[Y] Yes  [A] Yes to All  [N] No  [L] No to All  [?] Help (default is "Y"): y
WARNING: The copy of mailbox database "TESTDB" on server "FRONTEND1" has been removed. If necessary, manually delete
the database copy's files located at "f:\TESTDB" and "F:\TESTDB\Testdb.edb" on that server.
[PS] C:\Windows\system32>

Ad 2) Create a second copy of the database using SCSI, GPT, NTFS but a smaller block size (2kB)

I have preconfigured the disk with the same drive letter F: and GPT, and now I will format NTFS with a 2kB block size.

Works normally. The database is seeded and incremental seeding also works.

Ad 3) Create a second copy of the database using an IDE, MBR disk with the same NTFS config as the first copy of the database

Seeding works normally, as in the other configurations.

PS C:\Users\administrator.SALONOVI> get-ntfsinfo f

Drive                           : f
NTFS_Volume_Serial_Number       : 0x42f4703af47031f1
Version                         : 3.1
Number_Sectors                  : 20965375 (0x00000000013fe7ff)
Total_Clusters                  : 1310335 (0x000000000013fe7f)
Free_Clusters                   : 1300725 (0x000000000013d8f5)
Total_Reserved                  : 0 (0x0000000000000000)
Bytes_Per_Sector                : 512
Bytes_Per_Physical_Sector       : 512
Bytes_Per_Cluster               : 8192
Bytes_Per_FileRecord_Segment    : 1024
Clusters_Per_FileRecord_Segment : 0
Mft_Valid_Data_Length           : 262144 (0x0000000000040000)
Mft_Start_Lcn                   : 393216 (0x0000000000060000)
Mft2_Start_Lcn                  : 1 (0x0000000000000001)
Mft_Zone_Start                  : 393216 (0x0000000000060000)
Mft_Zone_End                    : 418848 (0x0000000000066420)
RM_Identifier                   : 700D6323-8444-11E2-9E80-000C29ECA938

Ad 4) Create a second copy of the database using an IDE, MBR disk with a different NTFS config from the first copy of the database (4kB block)

Works as in the other configurations.

Drive                           : f
NTFS_Volume_Serial_Number       : 0x0a262c1b262c0a71
Version                         : 3.1
Number_Sectors                  : 20965375 (0x00000000013fe7ff)
Total_Clusters                  : 10482687 (0x00000000009ff3ff)
Free_Clusters                   : 9682285 (0x000000000093bd6d)
Total_Reserved                  : 0 (0x0000000000000000)
Bytes_Per_Sector                : 512
Bytes_Per_Physical_Sector       : 512
Bytes_Per_Cluster               : 1024
Bytes_Per_FileRecord_Segment    : 1024
Clusters_Per_FileRecord_Segment : 1
Mft_Valid_Data_Length           : 524288 (0x0000000000080000)
Mft_Start_Lcn                   : 3145728 (0x0000000000300000)
Mft2_Start_Lcn                  : 8 (0x0000000000000008)
Mft_Zone_Start                  : 3145728 (0x0000000000300000)
Mft_Zone_End                    : 3350560 (0x0000000000332020)
RM_Identifier                   : 700D6344-8444-11E2-9E80-000C29ECA938

Result:

I haven't found an error or a problematic configuration; however, there might be some information here that is useful for others. It took so much energy to test that I would still like to post this article for future reference.
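Since none of the four layouts broke seeding, the practical value of the test is in documenting what the source and target volumes look like before adding a copy, so that a later failure can be matched against a known difference. The script below is an added example, not part of the original post, and it does not use Conrad's Get-NTFSInfo function from the linked article: it reads the same geometry values with the built-in fsutil on both DAG members over PowerShell remoting and lists them side by side. Server names and the volume letter are placeholders.

```powershell
# Added example (not from the original post): compare NTFS geometry of the
# database volume on two DAG members before adding a database copy.
$Source = 'MBX01'   # placeholder: server holding the first copy
$Target = 'MBX02'   # placeholder: server that will hold the second copy
$Volume = 'F:'      # placeholder: mount point / drive letter of the database

# Runs on each server: parse the "Bytes Per ..." / "Clusters Per ..." lines
# of 'fsutil fsinfo ntfsinfo' into a hashtable of integers.
$script = {
    param($vol)
    $info = @{}
    foreach ($line in (fsutil fsinfo ntfsinfo $vol)) {
        # e.g. "Bytes Per Cluster :               8192"
        if ($line -match '^\s*((?:Bytes|Clusters) Per [A-Za-z ]+?)\s*:\s*(\d+)\s*$') {
            $info[$Matches[1].Trim()] = [int64]$Matches[2]
        }
    }
    $info
}

$src = Invoke-Command -ComputerName $Source -ScriptBlock $script -ArgumentList $Volume
$dst = Invoke-Command -ComputerName $Target -ScriptBlock $script -ArgumentList $Volume

# One row per setting, flagged when the two servers differ
$keys = @($src.Keys) + @($dst.Keys) | Sort-Object -Unique
foreach ($key in $keys) {
    [pscustomobject]@{
        Setting = $key
        Source  = $src[$key]
        Target  = $dst[$key]
        Match   = ($src[$key] -eq $dst[$key])
    }
} | Format-Table -AutoSize
```

"Bytes Per Physical Sector" is skipped on hosts that report it as <Not Supported> (as in the VMware lab output above), so a missing row there is expected rather than a mismatch.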

How to alter Retention policies in Exchange 2013

One of my friends wants to alter the automatic deletion of the Junk Email folder so that it contains only 30 days of messages. The way it should be done is simple: we can create a new retention policy or add a retention policy tag to an existing one.

Theory

Exchange 2013 (as well as Exchange 2010) contains a set of retention policy tags grouped in the Default Retention and Archive policy. A retention policy tag says what action will be taken on an item (for example, all message classes) within the specified retention period and the defined folder. A retention policy is assigned to a mailbox in a 1:1 ratio, meaning only one retention policy can exist on a mailbox. It is not supported to have no retention policy on a mailbox, or to have a retention policy without any retention policy tag, which may cause no item in the mailbox to expire. More info about retention policies and tags can be found here: http://technet.microsoft.com/en-us/library/dd362328(v=exchg.150).aspx and retention tags and retention policies are described here: http://technet.microsoft.com/en-us/library/dd297955(v=exchg.150).aspx

A retention policy can contain several types of retention policy tags:

  • One or more retention policy tags (RPTs) for supported default folders
  • One default policy tag (DPT) with the Move to Archive action
  • One DPT with the Delete and Allow Recovery or the Permanently Delete action
  • One DPT for voice mail
  • Any number of personal tags

The retention policy is then assigned to the mailbox, and it is up to the administrator to configure how often the Managed Folder Assistant processes mailboxes. I picked the option of adding a retention policy tag to the existing policy, and here is the result:

Creation of Retention policy tag

To create a retention policy tag we must be sure what action to perform and on which folder type. In my case: delete and allow recovery for all items older than 1 month in the Junk Email folder type. Here is the command:

New-RetentionPolicyTag -Name "Junkmail Cleanup" -MessageClass * -AgeLimitForRetention 30.00:00:00 -RetentionAction DeleteAndAllowRecovery -Type JunkEMail

RetentionPolicy_AddedTAG_EAC

Assigning Retention policy tag to Retention policy

To add the retention policy tag to the retention policy, use the following commands:

$TagList = (Get-RetentionPolicy "Default Archive and Retention Policy").RetentionPolicyTagLinks
$TagList.Add((Get-RetentionPolicyTag 'Junkmail Cleanup').DistinguishedName)
Set-RetentionPolicy "Default Archive and Retention Policy" -RetentionPolicyTagLinks $TagList

RetentionPolicy_AddedTAG

Assigning Retention policy to mailbox

First check which retention policy is used and, if it differs, assign the needed retention policy to the mailbox:

Get-Mailbox zbynek | select *ret*
Set-Mailbox zbynek -RetentionPolicy "Default Archive and Retention Policy"

Force running Retention policy

Start-ManagedFolderAssistant -Identity zbynek

Assign Retention policy and cleanup

Change Retention policy cycle

The default is to run the policy for all mailboxes daily, but it can be changed by altering the mailbox server property ManagedFolderWorkCycle. In my example there will be a 10-day cycle for running retention policies on all mailboxes on the server.

Set-MailboxServer EX13NODE2 -ManagedFolderWorkCycle 10
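The Theory section notes two unsupported states: a mailbox with no retention policy, and a policy with no tags, either of which means nothing ever expires. The script below is an added example (not from the original post) that audits both after the steps above: it shows which tags are linked to the policy used in the post and what each one does, warns about tagless policies and lists mailboxes without a policy, then assigns the policy to those and starts the assistant for them. The policy and tag names are the ones from the post.

```powershell
# Added example (not from the original post): audit the retention setup.
$PolicyName = 'Default Archive and Retention Policy'
$TagName    = 'Junkmail Cleanup'

# 1. Which tags are linked to the policy, and is the new one among them?
$policy = Get-RetentionPolicy $PolicyName
$linked = @($policy.RetentionPolicyTagLinks | ForEach-Object { Get-RetentionPolicyTag $_ })
$linked | Select-Object Name, Type, RetentionAction, AgeLimitForRetention | Format-Table -AutoSize
if ($linked.Name -notcontains $TagName) {
    Write-Warning "Tag '$TagName' is not linked to '$PolicyName'"
}

# 2. Policies with no tags at all: nothing would ever expire for their mailboxes
Get-RetentionPolicy |
    Where-Object { @($_.RetentionPolicyTagLinks).Count -eq 0 } |
    ForEach-Object { Write-Warning "Retention policy '$($_.Name)' has no tags" }

# 3. Mailboxes with no retention policy assigned (server-side OPATH filter)
$noPolicy = @(Get-Mailbox -ResultSize Unlimited -Filter { RetentionPolicy -eq $null })
$noPolicy | Select-Object Name, Database | Format-Table -AutoSize

# 4. Assign the policy to them and process them now instead of waiting a cycle
foreach ($mbx in $noPolicy) {
    Set-Mailbox $mbx.Identity -RetentionPolicy $PolicyName
    Start-ManagedFolderAssistant -Identity $mbx.Identity
}
```

Run steps 1 to 3 on their own first; step 4 changes every mailbox that currently has no policy, which in a larger organisation may include mailboxes that were left without one on purpose.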

Result

Before:
Junkmail_Before

After:
JunkmailAfter

IMAP connection settings and workload management on Exchange 2013

One of my Exchange 2013 customers, currently running Exchange 2013 CU2v2, started to have problems with IMAP connections to his server. The IMAP log stated that the connection limit had been reached:

IMAP_Connection_limit_reached

I examined the IMAP settings from the Exchange Management Shell, and here they are. The connection limit per user is set to 16 by default and the counters are reset after 240000 milliseconds (4 minutes), which is not enough. The first part of this article is about the options for configuring IMAP from the connection point of view. The second part is about how to deal with IMAP when the server is under heavy load and IMAP is still expected to work.

1. IMAP Settings from connection point of view

IMAP connection limits can be set at the levels MaxConnections, MaxConnectionFromSingleIP and MaxConnectionsPerUser. The first two limits are very high, but the third is set to 16 by default, and the throttling policy lets the counter reset after 240000 milliseconds by default. This means that if a user makes more than 16 connections within 4 minutes, he is blocked until the next counter reset.

imap limit

So the connection limit can be increased with the following commands:

Set-IMAPSettings -MaxConnectionsPerUser <Number>
Get-Service *IMAP* | Restart-Service

The result can be seen in the picture below (the IMAP services must be restarted):

IMAP_User_connection_setting

imap limita

Details about settings are here: http://technet.microsoft.com/en-us/library/aa998252(v=exchg.150).aspx
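Before raising MaxConnectionsPerUser it helps to know which users actually open more than 16 sessions inside one 4-minute reset window, since a single misbehaving client is a different problem from a genuinely busy user. The function below is an added example, not from the original post: it parses IMAP4 protocol log lines and counts distinct session IDs per user per window. The log lines are constructed for the example, and the column layout (the #Fields header of the Exchange 2013 Imap4 log) is an assumption about your log; adjust the header if yours differs.

```powershell
# Added example (not from the original post): sessions per user per reset window
# from the IMAP4 protocol log. Sample lines are constructed; the #Fields layout
# is assumed to match the Exchange 2013 Logging\Imap4 CSV files.
$sample = @'
#Software: Microsoft Exchange Server
#Log-type: IMAP4 Log
#Fields: dateTime,sessionId,seqNumber,sIp,cIp,user,duration,rqsize,rpsize,command,parameters,context
2013-10-22T20:35:01.000Z,0000000000000001,0,10.0.0.5:993,10.0.0.50:50001,alice,1,0,0,OpenSession,,
2013-10-22T20:35:02.000Z,0000000000000002,0,10.0.0.5:993,10.0.0.50:50002,alice,1,0,0,OpenSession,,
2013-10-22T20:35:03.000Z,0000000000000003,0,10.0.0.5:993,10.0.0.51:50003,bob,1,0,0,OpenSession,,
2013-10-22T20:36:10.000Z,0000000000000001,1,10.0.0.5:993,10.0.0.50:50001,alice,5,20,40,select,INBOX,
2013-10-22T20:41:00.000Z,0000000000000004,0,10.0.0.5:993,10.0.0.50:50004,alice,1,0,0,OpenSession,,
'@ -split "`r?`n"

function Get-ImapSessionsPerWindow {
    param(
        [string[]]$Lines,
        [int]$WindowMinutes = 4,    # 240000 ms counter reset from the post
        [int]$Limit = 16            # default MaxConnectionsPerUser
    )
    # Column names come from the #Fields line; data rows are everything else
    $header = ($Lines | Where-Object { $_ -like '#Fields:*' } | Select-Object -First 1) -replace '^#Fields:\s*', ''
    $rows   = $Lines | Where-Object { $_ -and $_ -notlike '#*' } | ConvertFrom-Csv -Header ($header -split ',')

    # Bucket each row into a window aligned to WindowMinutes, then count
    # distinct sessions per user in that window
    $rows | Group-Object {
        $t = [datetimeoffset]::Parse($_.dateTime).UtcDateTime
        $start = $t.AddSeconds(-$t.Second).AddMinutes(-($t.Minute % $WindowMinutes))
        $_.user + '|' + $start.ToString('yyyy-MM-dd HH:mm')
    } | ForEach-Object {
        $user, $window = $_.Name -split '\|'
        $sessions = @($_.Group.sessionId | Sort-Object -Unique).Count
        [pscustomobject]@{
            User      = $user
            Window    = $window + 'Z'
            Sessions  = $sessions
            OverLimit = ($sessions -gt $Limit)
        }
    }
}

# With the constructed data: alice has 2 sessions in the 20:32 window and 1 in
# the 20:40 window, bob has 1; none exceed the default limit of 16.
Get-ImapSessionsPerWindow -Lines $sample | Format-Table -AutoSize
```

On a real server feed it the log files instead of the sample: Get-Content on the CSV files under the Logging\Imap4 folder of the Exchange installation path, passed to -Lines. Users flagged OverLimit with many sessions from one client IP usually point at a client opening a connection per folder, which the higher limit will only mask.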

2. IMAP settings from Workload management point of view

The per-user limits are set, and now I need to fulfil the customer's requirement for when the server load increases. In my case the customer needs IMAP to work properly even under high utilisation of system resources. First I went to the TechNet article http://technet.microsoft.com/en-us/library/jj150485(v=exchg.150).aspx and selected the most suitable workload classification for my customer. The default workload classification for IMAP is Internal Maintenance. If one of the performance indicators is in the Overloaded state or passes the Critical threshold, the IMAP service may be temporarily inaccessible to users (the monitored system resources are described in the TechNet article as well).

So at this stage I checked the tables and, according to the server utilisation, suggested raising the workload classification from Internal Maintenance (picture below) to Customer Expectation, which means that even when the server is under heavy load, IMAP will keep working for users.

Before Setting (Default Workload Classification):

IMAP_Connection_limit_Workload_management_before

After the setting was applied with the following command:

Get-WorkloadPolicy IMAP | Set-WorkloadPolicy -WorkloadClassification CustomerExpectation

IMAP_Connection_limit_Workload_management_after

Done!

How to quickly clean mailbox in Exchange 2010/2013

I had troubles and a lot of mess in my test mailbox and didn't have time to clean it up, so here is what I did. Basically I used the method that is also used when there are problems in production and a server or database goes down and you must do a dial tone restore.

  • Find the mailbox database:
    Get-Mailbox <identity> | select MailboxDatabase
  • Rehome the mailbox (set a different database on the mailbox):
    Get-Mailbox <identity> | Set-Mailbox -Database <DB identity>
    Get-Mailbox x9xxxx | Set-Mailbox -Database MDB12
    Confirm Rehoming mailbox "domain.local/Persons/Administrators/test/CZ/X9XXX" to database "MDB12". This operation will only modify the mailbox's Active Directory configuration. Be aware that the current mailbox content will become inaccessible to the user. [Y] Yes  [A] Yes to All  [N] No  [L] No to All  [?] Help (default is "Y"):
  • Use Clean-MailboxDatabase on the old database to see the mailbox among the disconnected mailboxes:
    Get-MailboxDatabase <old MDB identity> | Clean-MailboxDatabase
  • Your old data will be removed according to your Exchange configuration, or you can force deletion with the command Remove-StoreMailbox <your old data mailbox identity>, as described here:

http://technet.microsoft.com/en-us/library/gg181092(v=exchg.141).aspx

  • Your mailbox is clean.
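The same steps as one script, with a check at the end that the old content really ended up as a disconnected mailbox rather than silently staying attached. This is an added example, not from the original post. Note that Exchange 2013 no longer has Clean-MailboxDatabase and uses Update-StoreMailboxState instead, so the script picks whichever cmdlet exists in the session. The mailbox identity and target database are placeholders.

```powershell
# Added example (not from the original post): dial-tone style cleanup of a
# single mailbox, with verification. Placeholders below.
$Mailbox  = 'test.user'   # placeholder: mailbox to reset
$TargetDb = 'MDB12'       # placeholder: database that receives the empty mailbox

$mbx   = Get-Mailbox $Mailbox
$oldDb = $mbx.Database
$guid  = $mbx.ExchangeGuid
Write-Host "Rehoming $($mbx.Name) from $oldDb to $TargetDb"

# Rehome: only the Active Directory configuration changes; the content in the
# old database is orphaned and the user gets an empty mailbox in $TargetDb.
Set-Mailbox $mbx.Identity -Database $TargetDb -Confirm:$false

# Make the store notice the orphaned copy so it shows as disconnected.
if (Get-Command Clean-MailboxDatabase -ErrorAction SilentlyContinue) {
    Clean-MailboxDatabase $oldDb                                  # Exchange 2010
} else {
    Update-StoreMailboxState -Database $oldDb -Identity $guid    # Exchange 2013
}

# Verify: the old copy should now be listed in the old database with a
# DisconnectReason; if it is not, stop here and investigate before deleting.
$old = Get-MailboxStatistics -Database $oldDb | Where-Object { $_.MailboxGuid -eq $guid }
if (-not $old -or -not $old.DisconnectReason) {
    Write-Warning "Old mailbox content in $oldDb is not in a disconnected state"
} else {
    $old | Select-Object DisplayName, DisconnectReason, DisconnectDate, TotalItemSize
}

# Optional: purge the old data now instead of waiting for the retention period.
# Remove-StoreMailbox -Database $oldDb -Identity $guid -MailboxState Disabled
```

Leave the Remove-StoreMailbox line commented until the verification output shows the expected DisconnectReason and size; once it runs, the old content is gone for good and only a backup can bring it back.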