showing all posts
by lunarg on August 24th 2015, at 16:09
Certain Certificate Authority providers, such as GoDaddy allow you to renew an SSL certificate using the same CSR and private key. This greatly simplifies the procedure to renew a certificate, but this can also complicate things if you don't have your private key readily available.

On a server running ADFS 3.0 for instance, you do not have IIS available to allow an easy SSL certificate renewal (or even a request). Or perhaps, you lost the current private key, or it is located somewhere where it's not easily accessible.

Luckily, there's a fairly easy way to extract the private key from the previous SSL certificate on your Windows server. By using the Windows Certificate store functionality   ...
by lunarg on August 24th 2015, at 12:45
The following errors may be logged in an environment that has been upgraded to a new version of Exchange (usually 2003 to 2010), or a service pack to Exchange (2010) has been installed.

MSExchange ADAccess Event ID 2937
Log Name: Application
Source: MSExchange ADAccess
Date: 9/26/2010 9:12:29 AM
Event ID: 2937
Task Category: Validation
Level: Warning
Keywords: Classic
User: N/A

The reason for this error is that an AD attribute of an item (e.g. mailbox, connector, routing group, etc) is pointing to the DN of a server which has recently been deleted from AD. As long as the object is still physically present in   ...
by lunarg on August 24th 2015, at 12:06
You may encounter the following errors in the Application event log:

MSExchangeSA Event ID 9385
Microsoft Exchange System Attendant failed to read the membership of the universal security group '/dc=com/dc=domain/ou=Microsoft Exchange Security Groups/cn=Exchange Servers'; the error code was '8007203a'. The problem might be that the Microsoft Exchange System does not have permission to read the membership of the group.

If this computer is not a member of the group '/dc=com/dc=domain/ou=Microsoft Exchange Security Groups/cn=Exchange Servers', you should manually stop all Microsoft Exchange services, run the task 'add-ExchangeServerGroupMember,' and then restart all Microsoft Exchange servic  ...
by lunarg on August 24th 2015, at 11:36

You can quickly and easily install the System Center Configuration Manager console on a management server or workstation.

There are no particular prerequisites for installing the console.

Run the following command line to install the console on the current computer, and to the default location.

"\\SmsServer.domain.local\SMS_SiteName\bin\i386\consolesetup.exe" /q TargetDir="%programfiles%\ConfigMgrConsole" EnableSQM=0 DefaultSiteServerName=SmsServer.domain.local

Adjust the parameters accordingly:

  • SmsServer.domain.local: the FQDN of your server running SCCM (ConfigMgr).
  • SiteName: the site name of the SCCM site.
by lunarg on August 24th 2015, at 10:31
Installing the SCOM 2012 R2 Operations console on a management server or workstation requires the installation of quite a few dependencies. As they are not clearly listed, here's a list of them, to be downloaded and installed in order.

Vista, Server 2008 or earlier: download and install Windows Installer 4.5

From Microsoft SQL Server 2012 Feature Pack, download and install Microsoft System CLR Types for Microsoft SQL ServerĀ® 2012:SQLSysClrTypes.msi (32-bit)

SQLSysClrTypes.msi (64-bit)

Download and install Microsoft Report Viewer 2012 Runtime

With these prerequisites installed, you should now be able to install the Operations Manager console using the SCOM 2012 R2 install media. Run s  ...
by lunarg on August 24th 2015, at 10:29

Installing the SCOM 2012 (no R2) Operations console on a management server or workstation requires these prerequisites:

  1. Download and install Microsoft Report Viewer Redistributable 2008

After installation, re-run setup.exe from the System Center 2012 media and select to install the Operations console. The presence of required software components will be verified, but with the runtime installed, the check should pass without errors.

by lunarg on August 21st 2015, at 11:06

You can mail-enable multiple accounts with a single Powershell command. Look below for some examples:

Mail-enable AD accounts whose first name is John:

Get-ADUser -Filter * | Where {$_.GivenName -like "John"} | ForEach-Object { Enable-Mailbox -Identity $_.DistinguishedName }

Mail-enable all accounts in an OU called Engineering:

Get-ADUser -Filter * -SearchBase "OU=Engineering,DC=contoso,DC=local" | ForEach-Object { Enable-Mailbox -Identity $_.DistinguishedName }
by lunarg on August 21st 2015, at 10:23

If your vCenter server has a self-signed certificate, you will get a warning about this when connecting to it from vSphere PowerCLI. You can disable this warning through PowerCLI with the Set-PowerCLIConfiguration cmdlet.

  1. Start an elevated vSphere PowerCLI (right-click, Run as Administrator).
  2. Enter the following cmdlet:
    Set-PowerCLIConfiguration -InvalidCertificateAction Ignore
    Press Enter again to confirm the change.

After making the change, new connections to the vCenter server will no longer produce a warning about the certificate.

by lunarg on August 20th 2015, at 16:26
The way public folders work has been changed radically in Exchange 2013. Starting from Exchange 2013, public folders are basically stored in a regular mailbox, and then published as public folders. With Exchange 2010 being the last version to support so-called "legacy" public folders, Exchange 2013 is not able to access these folders. As a consequence, if you're in the middle of a migration from Exchange 2007/20102010 to 2013, or are running a mixed environment, and you still have these legacy public folders on your Exchange 2010, you will notice that users with a mailbox migrated on Exchange 2013 will no longer be able to access these public folders. As Exchange 2013 no longer sup  ...
by lunarg on August 19th 2015, at 11:14

To (re)-install Windows 10 with retail or OEM media (including the Windows 10 media creator), you can (temporarily) use the "generic" installation keys, officially provided by Microsoft.

These keys allow you to perform the installation, after which Windows will run in a 30-day trial mode, before a proper key and activation is required. The keys are language and platform-independent.

Windows 10 (Home)TX9XD-98N7V-6WMQ6-BX7FG-H8Q99
Windows 10 (Home) Single Language7HNRX-D7KGG-3K4RQ-4WPJ4-YTDFH
Windows 10 ProVK7JG-NPHTM-C97JM-9MPGT-3V66T
Windows 10 EnterpriseNPPR9-FWDCX-D2C8J-H872K-2YT43
by lunarg on August 18th 2015, at 15:07
If you have an Exchange Hybrid Configuration setup, you may have some users that use services of Office365 but still have their mailbox on-premise. These users probably have an Office365 license assigned to them. Selecting these users from the Users list in the Office365 Admin Portal reveals the following message when viewing the primary e-mail address for such a user:

The items you're trying to open couldn't be found.

Additionally, the same error is displayed when attempting to view or edit Exchange Online properties for such a user.

The error is actually a "bug" in the Office365 Admin Portal, caused because the user has an Exchange Online license assigned. Because of thi  ...
by lunarg on August 18th 2015, at 14:20
Exchange's AutoMapping feature allows shared mailboxes to be added automatically to a user's Outlook if that user obtains full access permissions to that mailbox. This eliminates the need for the user to add the mailbox manually in Outlook. Subsequently, the same mechanism is also used when access to a shared mailbox is removed for a particular user. The mailbox should then automatically disappear from Outlook. Unfortunately, this does not always work properly.

Because of an intermittent bug, sometimes it can occur that a shared mailbox is not automatically removed from Outlook after access to that mailbox has been revoked. In fact, manually removing the mailbox (through Registry) doesn't h  ...
by lunarg on August 17th 2015, at 13:25
EDIT: highlight required trailing dots + added CNAME for msoid.

If you're using a hosting provider which uses DirectAdmin for its DNS management, it may be a hassle to correctly configure DNS records for Office 365, mainly because of syntax issues. After some trial-and-error and googling, I finally managed to correctly devise the proper syntax to configure Exchange Online and Lync Online.

The set up of the entries below is a left and right field in the DNS management, safe for MX-records, which are set up elsewhere. For most services, don't forget to add the trailing . at the end of each record pointing to a Microsoft Server. Otherwise, resolving will incorrectly add your own do  ...
by lunarg on August 17th 2015, at 10:10

Easily count the number of mailboxes located on an Exchange (mailbox) server with Powershell:

[PS] >Get-Mailbox | Group-Object -Property:ServerName | Select-Object Name,Count

Name                   Count
----                   -----
exchange01                43
exchange02               100
exchange03               252
by lunarg on August 14th 2015, at 14:29
This is a markup test post. You can safely ignore it!

Lorem ipsum dolor sit amet, consectetur adipiscing elit. Donec molestie ornare velit non imperdiet. Sed egestas semper dui a consequat. Nam varius tincidunt maximus. Quisque at ultrices est. Vivamus vel sem vitae lorem tincidunt vulputate. Fusce at accumsan nisl.

Lorem ipsum dolor sit amet, consectetur adipiscing elit. Donec molestie ornare velit non imperdiet. Sed egestas semper dui a consequat. Nam varius tincidunt maximus. Quisque at ultrices est. Vivamus vel sem vitae lorem tincidunt vulputate. Fusce at accumsan nisl.

Lorem ipsum dolor sit amet, consectetur adipiscing elit. Donec molestie ornare velit non imperdiet. Sed egestas sem  ...
by lunarg on August 14th 2015, at 14:22
Every once in a while you will have to perform maintenance (e.g. installing updates, troubleshooting, hardware maintenance) on your Exchange 2013 servers. In the past, you had to schedule proper downtime and do manual changes to configurations for this to work properly. Exchange 2013 SP1 introduced "Maintenance mode", allowing your Exchange 2013 servers to be put in maintenance mode. This allows you to perform maintenance on a server without the end users noticing it's gone, or without having to schedule downtime.

Maintenance mode was designed for mailbox servers (i.e. servers that have the mailbox role, either standalone or multi-role). However, it's worth noting that putting a s  ...
by lunarg on August 14th 2015, at 12:34

Routine maintenance in our hosting yesterday evening (2015/08/12) caused a lengthy downtime of the server our website is running on. Although the server itself was operational right after the maintenance, there were some network issues, causing the server not to be reachable from the outside.

In the meantime, the issue has been resolved.

UPDATE (2015/08/14): the same issue also caused problems with e-mail, which was not resolved until yesterday (2015/08/13) late in the evening. Any communication through the contacts or comments form will not have arrived and will have to contact us again.

by lunarg on August 14th 2015, at 12:29
Setting up a hybrid configuration between Office 365 and on-premise Exchange may seem straight forward, but there are a lot of pitfalls to tackle. One of the more frequent issues is a problem with free/busy information not being visible, or the inability to migrate mailboxes from/to Exchange Online.

Additionally, you may have received this error during the initial configuration of the hybrid setup:

Hybrid Configuration Wizard
Office 365 was unable to communicate with your on-premises Autodiscover endpoint. This is typically due to incorrect DNS or firewall configuration. The Office 365 tenant is currently configured to use the following URL for Autodiscover queries from the Office 365 tena  ...
by lunarg on August 14th 2015, at 09:14

In an Office365 hybrid configuration, you may get the following error after the Sign in to Office 365 prompt in the EAC:

Cookies Are Disabled :(
Please make sure that you enabled cookies in your browser settings and that your Exchange Admininstration Center domain has been added to trusted sites or local intranet zones.

To resolve, you need to do just that:

  1. Go to Internet Options, tab Security.
  2. Click the Intranet zone, then click the Websites button, then the Advanced button.
  3. Add your EAC FQDN to the list (e.g.
  4. Completely close the browser, then log back in.
by lunarg on August 13th 2015, at 15:55

There's no direct installer available for Skype for Business, as it is part of Office Pro Plus, but if you have enough with the basic version (i.e. you're missing a couple of enterprise grade features), you can get Skype for Business by first installing Lync Basic, then install the required updates to turn Lync into Skype for Business.

  1. Microsoft Lync Basic 2013
  2. Install these two patches:
showing all posts