The C-spot

These are the new released Lync 2010 cumulative updates and fixes:

• Cumulative update package for Lync 2010 (64bit) & (32 bit): January 2011 http://support.microsoft.com/?kbid=2467763
• Cumulative update for Microsoft Lync 2010 Phone Edition for Polycom CX700 and LG-Nortel IP Phone 8540: January 2011 http://support.microsoft.com/?kbid=2493722
• Cumulative update for Lync 2010 Phone Edition for Aastra 6721ip and Aastra 6725ip: January 2011http://support.microsoft.com/?kbid=2493724
• Cumulative update for Lync 2010 Phone Edition for Polycom CX500, Polycom CX600, and Polycom CX3000: January 2011 http://support.microsoft.com/?kbid=2493723
• Cumulative update for Lync 2010 Attendee – Administrator level installation: January 2011 http://support.microsoft.com/?kbid=2467762
• Cumulative update for Lync 2010 Attendee – User level installation: January 2011 http://support.microsoft.com/?kbid=2467761
• Cumulative update for Lync 2010 Attendant: January 2011 http://support.microsoft.com/?kbid=2467760
• Update for Lync 2010 Group Chat Client: January 2011 http://support.microsoft.com/?kbid=2467765
• Update for Lync Server 2010, Group Chat Administration Tool: January 2011http://support.microsoft.com/?kbid=2467764

/Tim

If you can’t add domain or enterprise admins, there is a workaround for this!

Turn on advanced features in AD and go to the users security tab.

Normally you should create another (second) user for using LYNC for all admins, but if you really need this, do it this way.

Mark include inheritablepermissions from the object’s parent.

Click OK.

/Tim

If you allready have a CMS installed in your domain you can remove the old CMS by entering the following command in the lync powershell: remove-csconfigurationstore.

This command will actually remove the service control point in Active Directory that points to your Central Management Store.

When you perform Remove-CSconfigurationStoreLocation the reference is deleted from active directory.

To completely remove references to old topology objects, you will also need to remove some additional entries using ADSI Edit.

/Tim

Configure Lync communicator client policy error by importing the adm file.

This is a bug in the adm file. Open the adm file with notepad and change the next values:
PolicyGalUseCompactDeltaFile=”Use Compact Delta File for GAL”
ExplainText_GalUseCompactDeltaFile= “This policy allows Microsoft Lync to use compact delta file for GAL.”
GalUseCompactDeltaFileVal0=”Do not use compact delta file”
GalUseCompactDeltaFileVal1=”Use compact delta file (default)”
GalUseCompactDeltaFileVal2=”Use compact data file, but do not issue an LDAP query to retrieve the ‘Title’ and ‘Office’ attribute from AD.”

After these changes the adm file works fine.

/Tim

One of the issues I faced this week at one of my customers, was the configuration to allow outgoing FTP behind a Forefront TMG proxy.

Owkay, this one’s easy I thought… not so !!

At first, I started with the “well-known” parameters to configure, as it was the case for ISA 2006

a) create an Access Rule to allow FTP from internal to external, all users

b) right-click this rule, “configure FTP” and de-select “read only”

c) Go to the System topic in the left, Application Filters, FTP application filter, select “allow active FTP”

however, with these settings alone, it did still not work; not from browser, FTP client (eg Filezilla) or command prompt.

Finally, Microsoft support forum guided me in the right direction : To allow this “complicated bi-directional traffic passing through the TMG firewall layer”, you should install the Forefront TMG Client, which can be downloaded from here:

http://www.microsoft.com/downloads/en/details.aspx?FamilyID=53010a09-3c5c-4d5d-9ae1-692e7447c5bd

Next / Next / Finish + reboot PC (not required, though recommended by MS)

enter in the TMG server in the settings tab (I will post a new article on how to make the “automatically detect” work, restart the FTP client and see it all working

/Peter

During a move mailbox operation at one of my customers from Exchange 2003 to Exchange 2010, I received the following error:

Error:
Active Directory operation failed on <name of DC>. This error is not retriable. Additional information: Insufficient access rights to perform the operation.
Active directory response: 00002098: SecErr: DSID-03150E8A, problem 4003 (INSUFF_ACCESS_RIGHTS), data 0

The user has insufficient access rights.

When validating the AD security permissions with other mailbox users that are owkay, I noticed a difference in security permissions; more specific, the permissions were not inherited. Must have been something wrong in the past with this user.

To make the move operation run smoothly, I activated the “include inheritable permissions… “on this user security properties

/Cheers, Peter

In a solid running environment with Symantec Backup Exec 12.5 and Exchange 2007, the daily backup job of Exchange started failing with following error, after upgrading to Backup Exec 2010 version:

Final error: 0xe000fed1 – A failure occurred querying the Writer status. Final error category: Resource Errors

Here are the steps I used to resolve the issue:

a) check event log on Exchange Server

– Event ID 9609 – Exchange VSS Writer (instance 904411c7-69b4-461b-9899-9e6dd5b07d52:135) failed with error code -2403 when preparing for Snapshot.

– Event ID 9840 – An attempt to prepare the storage group ‘First Storage Group’ for backup failed because the storage group is already in the process of being backed up. The error code is -2403. (Note that if a backup was recently aborted, then it may take several minutes for the system to detect the aborted backup and initiate backup cleanup procedures, so this message may be generated if an attempt was made to backup a storage group before a previous backup attempt had fully terminated.) 

owkay, something is really going wrong

b) a first check on Symantec support and Microsoft Technet leaded to the following suggestions:

– install hotfixes on Windows 2003 box (not relevant as it was fully patched)

– verify AOFO (open file option from Symantec) was installed (you can check this from ackup Exec – Tools – install remote agents and select the Exchange server; it gave a message in this wizard that the open was installed and running successfully; that’s not it

c) Another Microsoft KB (http://support.microsoft.com/kb/930800) suggested to dismount / remount the Exchange database, as well as verifying if VSS engine was running owkay

– dismounting store was not possible, as it alerted me the backup process was running; I made this possible by stopping the information store service (as was suggested as 2nd option in the same article)

Solution: restarting the Information Store or reboot Exchange Server, simple as that

(some further background investigation learned me that the VSS engine gets somehow updated / replaced by the Backup Exec AOFO engine upgrade from 12.5 to 2010, which requires a reboot apparently. Only drawback is that this is not mentioned during the remote agent upgrade…)

/Cheers, Peter

Although you should be familiar with most of these tools already, lot’s of thanks go to Dan Erelis and Eight2One for making a handy overview of all of them, separated per version, in a clearly structured table:

http://eightwone.com/exchange-toolkit/

http://blogs.technet.com/b/danerelis/archive/2010/11/15/exchange-tools-find-what-your-eneed-in-a-easy-reference-guide.aspx

Thanks folks,

Peter

Dear readers,

I know, SP1 for Exchange 2010 has been released already several weeks ago, but for those who are still wondering if the upgrade is worthwhile (for both EX2010 users and previous version users thinking on migration), I made up a list of “my personal SP1 features” that I use for convincing customers to make the switch:

(for a complete overview of Exchange 2010 SP1 features, check the following Microsoft website:)

http://technet.microsoft.com/en-us/library/ff459257.aspx

• Setup from EX2010 SP1 integrated media has now a thick box to install required Windows Roles & Features
• 27 new OWA themes + more customizable than ever
• Change Password features in OWA, even when Password is expired
• SMTP failover with load balancing, where “down transport servers” are being detected and excluded from sending mails
• ISINTEG is back in the picture, although replaced by cmdlets (new-mailboxrepairrequest)
• Public Folder Client permissions are viewable/editable through  EMC
• Directly import PST’s to users archive mailbox using cmdlet (new-mailboximportrequest)
• Delegate access rights to archive mailbox
• Share your Outlook calendar with “everyone” on the internet (no federation needed)

That’ about it.

Stay tuned the next couple of weeks where I go through all details on some of above mentioned features and topics.

Grtz, Peter

Dear all,

One year after the launch of “the-c-spot.org”, I have to admit I didn’t blog that much. I added some posts on my previous blog-site (http://trycatch.be/blogs/pdtit), but due to projects and other time-consuming activities, I didn’t had the time for that.

After attending TechEd 2010 in Berlin last week, I decided on starting blogging again. As promised, technical stuff and day-to-day issues I’m facing on Exchange Server, Forefront Security and Microsoft IT Architecture topics in general will be the foreseen content.

Stay tuned for the latest updates.

Kind regards, Peter