The C-spot

For federation there is not much you must configure.

– Check the configuration on the lync frontend to make sure you add the domain you want to federate with in the ‘external access – federated domains’
– Create a srv record on your public dns:

_sipfederationtls._tcp.domainx.be

port: 5061

type: TCP

In some cases I noticed you should reboot your frontend and edge server in that specific order.

One of the issues I faced this week at one of my customers, was the configuration to allow outgoing FTP behind a Forefront TMG proxy.

Owkay, this one’s easy I thought… not so !!

At first, I started with the “well-known” parameters to configure, as it was the case for ISA 2006

a) create an Access Rule to allow FTP from internal to external, all users

b) right-click this rule, “configure FTP” and de-select “read only”

c) Go to the System topic in the left, Application Filters, FTP application filter, select “allow active FTP”

however, with these settings alone, it did still not work; not from browser, FTP client (eg Filezilla) or command prompt.

Finally, Microsoft support forum guided me in the right direction : To allow this “complicated bi-directional traffic passing through the TMG firewall layer”, you should install the Forefront TMG Client, which can be downloaded from here:

http://www.microsoft.com/downloads/en/details.aspx?FamilyID=53010a09-3c5c-4d5d-9ae1-692e7447c5bd

Next / Next / Finish + reboot PC (not required, though recommended by MS)

enter in the TMG server in the settings tab (I will post a new article on how to make the “automatically detect” work, restart the FTP client and see it all working

/Peter

During a move mailbox operation at one of my customers from Exchange 2003 to Exchange 2010, I received the following error:

Error:
Active Directory operation failed on <name of DC>. This error is not retriable. Additional information: Insufficient access rights to perform the operation.
Active directory response: 00002098: SecErr: DSID-03150E8A, problem 4003 (INSUFF_ACCESS_RIGHTS), data 0

The user has insufficient access rights.

When validating the AD security permissions with other mailbox users that are owkay, I noticed a difference in security permissions; more specific, the permissions were not inherited. Must have been something wrong in the past with this user.

To make the move operation run smoothly, I activated the “include inheritable permissions… “on this user security properties

/Cheers, Peter

In a solid running environment with Symantec Backup Exec 12.5 and Exchange 2007, the daily backup job of Exchange started failing with following error, after upgrading to Backup Exec 2010 version:

Final error: 0xe000fed1 – A failure occurred querying the Writer status. Final error category: Resource Errors

Here are the steps I used to resolve the issue:

a) check event log on Exchange Server

– Event ID 9609 – Exchange VSS Writer (instance 904411c7-69b4-461b-9899-9e6dd5b07d52:135) failed with error code -2403 when preparing for Snapshot.

– Event ID 9840 – An attempt to prepare the storage group ‘First Storage Group’ for backup failed because the storage group is already in the process of being backed up. The error code is -2403. (Note that if a backup was recently aborted, then it may take several minutes for the system to detect the aborted backup and initiate backup cleanup procedures, so this message may be generated if an attempt was made to backup a storage group before a previous backup attempt had fully terminated.) 

owkay, something is really going wrong

b) a first check on Symantec support and Microsoft Technet leaded to the following suggestions:

– install hotfixes on Windows 2003 box (not relevant as it was fully patched)

– verify AOFO (open file option from Symantec) was installed (you can check this from ackup Exec – Tools – install remote agents and select the Exchange server; it gave a message in this wizard that the open was installed and running successfully; that’s not it

c) Another Microsoft KB (http://support.microsoft.com/kb/930800) suggested to dismount / remount the Exchange database, as well as verifying if VSS engine was running owkay

– dismounting store was not possible, as it alerted me the backup process was running; I made this possible by stopping the information store service (as was suggested as 2nd option in the same article)

Solution: restarting the Information Store or reboot Exchange Server, simple as that

(some further background investigation learned me that the VSS engine gets somehow updated / replaced by the Backup Exec AOFO engine upgrade from 12.5 to 2010, which requires a reboot apparently. Only drawback is that this is not mentioned during the remote agent upgrade…)

/Cheers, Peter

Although you should be familiar with most of these tools already, lot’s of thanks go to Dan Erelis and Eight2One for making a handy overview of all of them, separated per version, in a clearly structured table:

http://eightwone.com/exchange-toolkit/

http://blogs.technet.com/b/danerelis/archive/2010/11/15/exchange-tools-find-what-your-eneed-in-a-easy-reference-guide.aspx

Thanks folks,

Peter

Dear readers,

I know, SP1 for Exchange 2010 has been released already several weeks ago, but for those who are still wondering if the upgrade is worthwhile (for both EX2010 users and previous version users thinking on migration), I made up a list of “my personal SP1 features” that I use for convincing customers to make the switch:

(for a complete overview of Exchange 2010 SP1 features, check the following Microsoft website:)

http://technet.microsoft.com/en-us/library/ff459257.aspx

• Setup from EX2010 SP1 integrated media has now a thick box to install required Windows Roles & Features
• 27 new OWA themes + more customizable than ever
• Change Password features in OWA, even when Password is expired
• SMTP failover with load balancing, where “down transport servers” are being detected and excluded from sending mails
• ISINTEG is back in the picture, although replaced by cmdlets (new-mailboxrepairrequest)
• Public Folder Client permissions are viewable/editable through  EMC
• Directly import PST’s to users archive mailbox using cmdlet (new-mailboximportrequest)
• Delegate access rights to archive mailbox
• Share your Outlook calendar with “everyone” on the internet (no federation needed)

That’ about it.

Stay tuned the next couple of weeks where I go through all details on some of above mentioned features and topics.

Grtz, Peter

Dear all,

One year after the launch of “the-c-spot.org”, I have to admit I didn’t blog that much. I added some posts on my previous blog-site (http://trycatch.be/blogs/pdtit), but due to projects and other time-consuming activities, I didn’t had the time for that.

After attending TechEd 2010 in Berlin last week, I decided on starting blogging again. As promised, technical stuff and day-to-day issues I’m facing on Exchange Server, Forefront Security and Microsoft IT Architecture topics in general will be the foreseen content.

Stay tuned for the latest updates.

Kind regards, Peter

Hello visitors, welcome to “the-c-spot”.

Probably one of the first things to explain is, what the “c” in the title stands for; this would make the whole idea and concept behind the website more clear I hope.

Easy as it can be, the “C” stands for Collaboration and Communication, which happen to be one of my current favourite technology groups I’m working in as a Microsoft Architect. For the ones who don’t know the technology products behind these terms, I’m talking about – regardless of version – Microsoft Exchange Server , Microsoft Office Communication Server and Microsoft Sharepoint.

Of course, as the “C” refers to “themes”, this blog site is open to other technology products as well, not only Microsoft related of course.

Feel free to join, be happy to read, come back regularly… so we all stay happy and on top of the knowledge chain.