Microsoft is on a roll this week. Not only do we now have the role requirements calculator for Exchange 2013, but now we have the management pack for Exchange 2013. For many larger organizations that use System Center Operations Manager this was a critical components before considering the deployment of Exchange 2013.
Thursday, May 16, 2013
Wednesday, May 15, 2013
Exchange 2013 Hybrid Configuration Wizard Fails
Several weeks ago I was working on a project where we were implement a hybrid environment using Exchange 2013 as the hybrid servers for an existing Exchange 2010 environment. Adding Exchange 2013 went pretty smoothly overall and I thought the hybrid wizard would be the easy part.
When we ran the hybrid configuration wizard and selected the certificate, we got the following error:
The client had obtained an extended validation certificate that included a lot of additional information in the subject such as a long organization ID. After replacing the extended validation certificate with a standard certificate it completed without any problems.
When we ran the hybrid configuration wizard and selected the certificate, we got the following error:
The length of the property is too longWhat a delightfully vague response. Well, after several days working with Office 365 tech support, the client was able to identify that the subject in the certificate was too long. The certificate was perfectly valid, but the hybrid configuration wizard was unable to handle the subject length.
The client had obtained an extended validation certificate that included a lot of additional information in the subject such as a long organization ID. After replacing the extended validation certificate with a standard certificate it completed without any problems.
Exchange 2013 Role Requirements Calculator - RELEASED!
At long last, the Exchange 2013 Role Requirements Calculator has been released. Any Exchange 2013 deployments up to this point have been based on educated guesses. Now we have official guidance from Microsoft.
Sunday, April 28, 2013
Activate Exchange 2010 for SBS 2011
When you install SBS 2011, the Exchange Server 2010 installation should be activated automatically. However, in some cases, you it might not be. Typical situations where Exchange 2010 is not activated automatically include:
- Manual removal and installation of Exchange Server 2010
- Active Directory communication problems during installation
Wednesday, April 17, 2013
Error Installing Dirsync with FullSQL Option
Normally when you install Dirsync for account synchronization with Office 365, you let it install and configure a local instance of SQL Express. However, in large environments (over 50,000 accounts or so), you need to use a full version of SQL server to support a larger database and more memory.
To install Dirsync for a full version of sql, you need to use the following command-line to install:
When you run the psc1 file from Windows Explorer, it does not open with administrative privileges even if the account you are using is an administrator. You need to run the install shell as Administrator or you will get an error like the following:
Detailed steps for installing Dirsync are here:
Note that the detailed steps in the link above imply that you will be prompted for service credentials for Dirsync. In our installation, that was not the case, a local user account was created automatically and used for the service account because it was a local instance of SQL and network communication is not required between SQL and Dirsync. You will be prompted when using a remote instance of SQL and using the -ServiceCredential parameter because network communication requires and Active Directory account.
To install Dirsync for a full version of sql, you need to use the following command-line to install:
dirsync /fullsqlAfter following the wizard to install Dirsync to the correct location, you still need to do some configuration. You specify the location of the SQL Server by using the Dirsync Install Shell. You start this PowerShell prompt by running C:\Program Files\Microsoft Online Directory Sync\DirsyncInstallShell.psc1. Then for a local SQL instance, you run:
Install-OnlineCoexistenceTool -UserSQLServer -Verbose
When you run the psc1 file from Windows Explorer, it does not open with administrative privileges even if the account you are using is an administrator. You need to run the install shell as Administrator or you will get an error like the following:
Install-OnlineCoexistenceTool : Local Administrator permissions are required to install the Windows Azure Active Directory Sync tool. Supplied credentials are not valid domain\username.When you right-click DirsyncInstallShell.psc1, you do not get the option to Run as administrator. Instead, open a normal PowerShell prompt as administrator and the run DirsynInstallShell.psc1 manually from within the prompt. This provides the necessary elevated privileges to complete the configuration.
Detailed steps for installing Dirsync are here:
Note that the detailed steps in the link above imply that you will be prompted for service credentials for Dirsync. In our installation, that was not the case, a local user account was created automatically and used for the service account because it was a local instance of SQL and network communication is not required between SQL and Dirsync. You will be prompted when using a remote instance of SQL and using the -ServiceCredential parameter because network communication requires and Active Directory account.
Saturday, March 30, 2013
Paging File Error in Hyper-V Virtual Machine
I'm experimenting with Hyperoo Backup software for Hyper-V virtual machines at some clients. Hyperoo analyzes the virtual disk files and sends changes to a backup copy. I rather like it so far.
To minimize the changes inside the VM disks, I've be moving the paging file to a separate virtual disk. We can then exclude this disk from the backup process.
One one VM (and only one) we got the following error:
So, in this case, the easy fix was to move the paging drive to be an IDE disk and all was good.
Microsoft has a knowledge base article to this effect:
To minimize the changes inside the VM disks, I've be moving the paging file to a separate virtual disk. We can then exclude this disk from the backup process.
One one VM (and only one) we got the following error:
Windows created a temporary paging file on your computer because of a problem that occurred with your paging file configuration when you started your computer. The total paging file size for all disk drives may be somewhat larger than the size you specified.It turns out that on this particular virtual machine, we needed a total of four virtual disks. This combined with the virtual DVD drive meant that we needed to use SCSI disks in the VM. In a Hyper-V VM, you cannot place the paging file on a virtual hard drive on the virtual SCSI bus. The virtual SCSI bus is not available early enough in the boot process.
So, in this case, the easy fix was to move the paging drive to be an IDE disk and all was good.
Microsoft has a knowledge base article to this effect:
Wednesday, March 13, 2013
Cached Credentials for a Mac using AD
When you have a laptop computer, you want to be able to use the same logon credentials when you are in the office as when you are on the road. With a Windows-based laptop, this is accomplished by cached credentials. The cached credentials on a Windows computer are automatically created the first time you log on. A network administrator can disable this, but it is enabled by default.
On a Mac that logs on using AD credentials, you can get similar functionality by enabling the option "Create mobile account at login" in the Directory Utility that you use to configure AD connectivity for the MAC. When this option is enabled, the local mobile account is enable the first time the user logs on by using AD credentials.
Many times, no one thinks of this option until after the user has already logged on. In such a case, you need to log on as root and manually create the mobile account by using createmobileaccount. It is located in /System/Library/CoreServices/ManagedClient.app/Contents/Resources/.
On a Mac that logs on using AD credentials, you can get similar functionality by enabling the option "Create mobile account at login" in the Directory Utility that you use to configure AD connectivity for the MAC. When this option is enabled, the local mobile account is enable the first time the user logs on by using AD credentials.
Many times, no one thinks of this option until after the user has already logged on. In such a case, you need to log on as root and manually create the mobile account by using createmobileaccount. It is located in /System/Library/CoreServices/ManagedClient.app/Contents/Resources/.
createmobileaccount -n Bob -p Pa$$w0rdA couple of links with additional info:
Subscribe to:
Posts (Atom)
