Tuesday, March 3, 2015

High Disk Utilization on SBS 2011

High disk activity on SBS 2008 and SBS 2011 is an ongoing concern for our clients. Just yesterday, we had an SBS 2011 server with so much disk activity that it slowed down the Hyper-V host so that all VMs were not performing properly.

To diagnose this issue, use Resource Monitor to view the Queue Length. When there is a problem the Queue length for a drive will be high and sustained. The % Active Time will also be high. These indicate that the disk is busy and has a backlog of work to perform.

It's important to note that the actual disk I/O may not be that high. In our case, the Disk I/O was less than 10 MBps which is far less than the disk system is capable of. The Disk I/O can be low but the disks busy when many small operations are performed.

The fix for this is almost always recreating the SBS Monitoring database. The SBS Monitoring database grows over time and eventually becomes a performance issue. We don't use any historical information in that database. So, removing it and recreating it is a good solution for us. It's a 10 minute fix that lasts for about a year before needing to be done again.

Microsoft instructions for how to recreate the SBS Monitoring database are here:
You can verify that the SBS Monitoring database is the issue by stopping theSQL Server (SBSMONITORING) service. After stopping that service, you should see disk activity slow down significantly.

On a physical host, the SBS Monitoring database will cause high Disk I/O on the C: drive. On a hyper-V host, the SBS Monitoring database will cause high Disk I/O on the physical drive that is hosting the C: drive VHD for SBS. Monitoring Disk I/O inside of a virtual machine will not be accurate.

Sunday, March 1, 2015

Office 365 Deleted Item Retention

Microsoft recently announced that deleted item retention in Office 365 will now default to indefinite. Until now, items in Deleted Items were removed after 30 days. This was announced here:
Microsoft indicates in this blog that it's implemented based on ignoring Deleted Items if the policy name is the default name. I just migrated my mailbox to O365 and it appears that while items directly in Deleted Items are no longer removed after 30 days, items in subfolders are still removed.

In my newly migrated mailbox I had some old subfolders that had been removed and were in Deleted Items. There is no longer any content in those folders but all of the items directly in Deleted Items have been retained.

ActiveSync Settings for Office 365

Our office email system has been running in hybrid mode for the last year or so. That was mostly for us to do testing related to client projects. This weekend we moved all of our accounts to Office 365.

Autodiscover worked well for the Outlook clients, but not for the phones. For our Android phones we removed the existing account and readded the account. My Galaxy S4 did not do failover in autodiscover properly from our on-premises autodiscover to Office 365 autodiscover. So, I ended up manually configuring the ActiveSync account.

If you are manually configuring the ActiveSync account for Office 365, the server name is:
  • outlook.office365.com

Thursday, February 26, 2015

Roaming for Canadians (and Americans) in Mexico

Here's the problem. Canadians like to vacation in Mexico, but the Canadian cell phone providers do not have any reasonable data plans for roaming in Mexico. Roam Mobility is advertising Mexico service now, but it's really T-Mobile roaming and is still stupid expensive.

Option 1 is to get a SIM card from a local provider while you are in Mexico. If you speak spanish, this could work well for you. You'll need to find a cell phone provider, get a prepaid SIM card, and then go through the activation process.

Option 2 costs you about $10 more, but they ship you the SIM card ahead of time and it's already activated. I chose option 2 which is www.mexicosimcard.com. They charge $20 for the SIM card instead of the $10 that the local provider charges. In my mind it's well worth it to have a card that just plain works.

You need to have your phone unlocked to use the SIM card, but assuming that is done, all you need to do is swap out the SIM card and you're good to go. For about $100, I had 3 GB of data 3 hours of talk time back to Canada and the US.

It was nice to have connectivity when not on resort Wifi and used it to call a cab once and back home once also. Also used tethering to let the kids play Minecraft together when the resort Wifi limited the number of devices.

The SIM cards are on the Telcel network. I was in the Mayan Riviera and had excellent coverage. You should verify coverage if you are traveling to a a different area. Mexicosimcard.com suggests verifying with http://opensignal.com/. Telcel has their own coverage maps, but their documentation is in spanish.

Thursday, January 29, 2015

Script to Remove Old IIS Logs

One of the ongoing issues I seem to run into is Exchange servers running low on disk space for the C: drive. When this happens messages stop flowing because Exchange doesn't want to run out of disk space.

Much of the time, the disk space on C: is being eaten up by IIS logs. IIS does not have any functionality to automatically delete old logs. So, I've seen servers with years of logs stored in C:\Inetpub\Logs\.

Here is a script that you can schedule as a task to remove old IIS log files:
# Adjust these two variables
$iisLogDir = "C:\inetpub\logs"
$deleteAfterDays = 14

#calculate date for deletion
$removeDate = (Get-Date).AddDays(-$deleteAfterDays)

#Delete Files
Get-ChildItem -Path $iisLogDir -Recurse -Force | Where-Object { !$_.PSIsContainer -and $_.CreationTime -lt $removeDate } | Remove-Item -Force
This calculates the age of the file based on the creation time. If you want it to be based on modified time use $_.LastWriteTime instead.

The Where-Object command uses !$_.PSIsContainer (not container) to skip directories and only select files.

Friday, January 23, 2015

Elevate to Administrator from a PowerShell Script

I haven't tested it out yet, but here is a link to code that will raise the prompt to admin credentials if you didn't when you started it:

Monday, December 29, 2014

Unhealthy Directory Synchronization Notification - Expired Credentials

As you may be aware, when there are issues with Dirsync connecting to O365, you get an Unhealthy Directory Synchronization Notification email. The email doesn't provide any information other than to check the event logs. I got this notification for my test environment recently.

I happened to have the Synchronization Service Manager (miisclient.exe) open on my Dirsync server and looked in there first. The Active Directory Connector had a status of Success, which is expected. So, all good on the local side. However, the Windows Azure Active Directory Connector had a status of "stopped-extension-dll-exception".

The Application event log gave more information:
  • Directory Synchronization, Event ID 115 - Access to Windows Azure Directory has been denied
  • Directory Synchronization, Event ID 0 - Update your password and try again
  • Directory Synchronization, Event ID 655-  Failed credential provisioning ping
The cause of my error was an expired password on the account I was using for directory synchronization. I was using a dedicated cloud account in Office 365 that I was not monitoring. The password for the account expired and was not allowing authentication for the account.

The fix was to perform the following:
  1. Log in to Office 365 as an administrator and reset the password for the directory synchronization account.
  2. Update the password in Dirsync.
To update the password in Dirsync, you can run Directory Sync Configuration again. However, instead, I updated the credentials in Synchronization Service Manager. To do this in Synchronization Service Manager, use the following steps:
  1. Open Synchronization Service Manager (miisclient.exe).
  2. In Synchronization Service Manager, click Management Agents and double-click Windows Azure Active Directory Connector.
  3. In the Properties window, click Connectivity.
  4. On the Connectivity page, update the Password and click OK.
  5. Run Start-OnlineCoexistenceSync (or wait for Dirsync to do it automatically)

Update Dirsync Credentials

The long term fix for this issue to prevent the Dirsync credentials from expiring on the account. In the graphical interface of O365 management, you can configure a password expiration policy for all cloud accounts but not individual cloud accounts. To set the password expiration policy for a single account, you need to use Windows PowerShell and the command Set-MsolUser -UserPrincipalName -PasswordNeverExpires $true.

A complete set of instructions is here: