Exchange 2010 with UAG and Moving Mailboxes to o365

Came across this the other, when moving mailboxes from Exchange 2010 to Office 365.

The move works, but takes a hell of a long time.  If you look in the move logs you see:

Transient error MrsHttpInternalServerErrorException has occurred.

It would appear that UAG has a limit of some kind that is causing these errors.

I have not tried this, however Microsoft suggest you can try create following registry key on the UAG servers.

 “HKEY_LOCAL_MACHINE\SOFTWARE\WhaleCom\e-Gap\von\UrlFilter\InconsistentCookieThreshold”
 DWORD
 Value: 30 (Decimal)

Microsoft suggests that this registry key should be removed from the servers, after completing the mailbox migration task.

Activate the UAG server configuration after applying this registry key and then do “IISreset” on all UAG servers.

#Lync Ignite

So, just finished the 5 day Lync Ignite at Global Knowledge, and it was okay.  The labs are really good (when they work) and the courseware is okay (a lots of sales stuff and not updated for RTM!)

So here are some of the links and ramblings I made … enjoy

Links

Takeaways

  • Private line – can only receive calls .. Can’t make them.
  • Bandwidth 1 hd session = t1
  • MMC gone, now silverlight. No right click!
  • Lync Standard Edition – all roles and SQL on same server.
  • James O’Neil OCS powershell module!
  • RBAC used for permissions
  • Call park to park Lync calls
  • Potentially 50% reduction in severs when you virtualise
  • CMS = SQL
  • Lync will have NO service packs?!
  • Test call option in the lync client
  • LIS used for location services
  • Zero Day is a new book by Mark Russinovich
  • DNS LB: Client gets all the dns addresses and works out which on to use.
  • SBA: cheaper than having a separate lync server

Powershell

  • Powershell is a Microsoft task automation platform
  • Powershell v3 is coming

Import-module lync
(get-help *-cs*).count
Out-host –paging
Import-module ActiveDirectory

Installation

  • Install-CSAdServerSchema
  • Enable-CSAdForest
  • Enable-CSAdDomain

#PowerShell Certificates

Found this today, and its bloody great!


Hey, Scripting Guy! How can I use Windows PowerShell and the .NET Framework classes to work with certificates?

http://blogs.technet.com/b/heyscriptingguy/archive/2011/02/16/use-powershell-and-net-to-find-expired-certificates.aspx

Playing with #Excel

This is damm clever.  So I have a spreadsheet with a month on each sheet.  I created a summary sheet, and wanted to have a formula on the summary sheet that was clever enough to look at the column heading and reference the related sheet.  I found this website: http://www.mrexcel.com/archive/Dates/23944.html

Summary Sheet

C

2

01/01/2011

3

=SUM(INDIRECT(TEXT(C$2,”mmm”)&”!$C$3:$C$5″))

Jan Sheet

C

3

500

4

500

5

600

How wicked it that! Well it made my day anyway

Office Communicator Configuration Information

Blimey this is good!


Source: http://communicationsserverteam.com/archive/2009/04/08/400.aspx

Administrators, users and troubleshooters value the possibility in Outlook 2007 to get status about the connections: by holding the ctrl key while right clicking the Outlook icon in the notification area and choosing “Connection Status” (see also http://office.microsoft.com/en-us/outlook/HP010363941033.aspx).

With the new R2 version of the client, Microsoft introduces a similar dialog for Office Communicator 2007 R2. Hold Ctrl while right clicking the OC 2007 R2 icon in the notification area, choose “Configuration Information…”

Windows Vista Service Pack 1 Management Tools update for the release version of Hyper-V

How cool is this, dunno y I didn’t think of looking for it before. Both 32 and 64 bit versions are available.


Source: http://support.microsoft.com/default.aspx/kb/952627

The Windows Vista Service Pack 1 Management Tools update for the release version of Hyper-V is now available from the Microsoft Download Center. This update package installs the management tools for the release version of Hyper-V technology on a computer that is running Windows Vista Service Pack 1 (SP1).


The only additional thing I needed to do was follow this: http://technet.microsoft.com/en-us/library/cc794756.aspx

undelete

Tom sent me some interesting links just in case you toast e2k7 users by mistake :-| Not tested this yet, but might just for the fun of it in my lab

Undelete the OU/Users/Groups via ADRestore.net (http://blogs.microsoft.co.il/files/folders/guyt/entry12573.aspx)

– or –

ADRestore v1.1 (http://technet.microsoft.com/en-us/sysinternals/bb963906.aspx & http://support.microsoft.com/?kbid=840001)

Then reset password, enable account and re-attach the mailbox.

http://exchangeshare.wordpress.com/2008/04/27/cant-see-deleted-mailbox-in-disconnected-mailbox-under-recipient-configuration/

Exchange 2007 Self Signed Certificate

Couldn’t work out why my Outlook stopped working, then i worked it out .. the damm self signed cert has expired … (has it been a year already!)

So my thanks Bharat for this: http://exchangepedia.com/blog/2008/01/exchange-server-2007-renewing-self.html but I had to add some stuff to get it work properly!!!

[PS] C:PS>Get-ExchangeCertificate

Thumbprint                                Services   Subject
———-                                ——–   ——-
B21AF4199919173F7A4D836ECE00F484EFD2E270  …W.      CN=flaphead.dns2go.com,…
5C31EA83FC2FFE67B2BAB2136B7BC471B1C74038  IP…      CN=MSX, DC=flaphead, DC…
417E5CED6161B185A122839911E13FB4CCD82C24  IP..S      CN=msx

[PS] C:PS>Get-ExchangeCertificate -DomainName flaphead.dns2go.com

Thumbprint                                Services   Subject
———-                                ——–   ——-
B21AF4199919173F7A4D836ECE00F484EFD2E270  …W.      CN=flaphead.dns2go.com,…

[PS] C:PS>Get-ExchangeCertificate -DomainName flaphead.dns2go.com | fl

AccessRules        : {System.Security.AccessControl.CryptoKeyAccessRule, System
                     .Security.AccessControl.CryptoKeyAccessRule}
CertificateDomains : {flaphead.dns2go.com}
HasPrivateKey      : True
IsSelfSigned       : False
Issuer             : CN=MSX, DC=flaphead, DC=local
NotAfter           : 17/01/2009 10:46:55
NotBefore          : 17/01/2008 10:36:55
PublicKeySize      : 1024
RootCAType         : Registry
SerialNumber       : 610843C8000000000002
Services           : IIS
Status             : DateInvalid
Subject            : CN=flaphead.dns2go.com, OU=Flaphead, O=Flaphead, L=London,
                      S=London, C=GB
Thumbprint         : B21AF4199919173F7A4D836ECE00F484EFD2E270

So you need to find the old cert and create a new one

[PS] C:PS>Get-ExchangeCertificate -DomainName flaphead.dns2go.com | New-ExchangeCertificate –PrivateKeyExportable $True

Confirm
Overwrite existing default SMTP certificate,
‘417E5CED6161B185A122839911E13FB4CCD82C24’ (expires 02/12/2008 20:22:37), with
certificate ‘581F669862218D36C2209DE47C899D4C758B352C’ (expires 17/01/2010
13:13:07)?
[Y] Yes  [A] Yes to All  [N] No  [L] No to All  [S] Suspend  [?] Help
(default is “Y”):a

Thumbprint                                Services   Subject
———-                                ——–   ——-
581F669862218D36C2209DE47C899D4C758B352C  …..      C=GB, S=London, L=Londo…

Now you need to enable it

[PS] C:PS>Enable-ExchangeCertificate -Thumbprint 581F669862218D36C2209DE47C899D4C758B352C -Services IIS

Sweet, now test.  I had to log on to OWA to check the cert.  I then added it to my trust root via IE.  After this Outlook worked okay!

Once your happy you can remove the old one BUT As I am a cheap skate, I need to upload the cert to my windows mobile device too … maybe I should look at getting a proper cert :-| to the theory goes that you need to export the cert

[PS] C:PS> Export-ExchangeCertificate -Path c:export.pfx -Thumbprint  AA7368BEC3BCEED86308B0EDE73368F71A02DD06 -BinaryEncoded:$true -Password:(Get-Credential).password

But this didn’t work when I added the cert to my WM6 device, agggggggghh :-o so using IIS admin I checked the Microsoft-Server-ActiveSync virtual directory and made sure the cert was okay (I had to import the exported cert to the certificate root).  Then I went to the default website and exported the cert to disk and imported that to my WM6 device.  Result at last, back to normal …. just need to remember these steps next year!!!

Note to self, install isa and get a commercial cert!

Performance counters and thresholds for Exchange 2007

So I just stumbled upon this blog … very interesting and one for adding to your favourites for when you need it.

How to disable the "Sent by Microsoft Exchange Server 2007" branding sentence in an Exchange Server 2007 DSN message

So Anderson posted this, and my initial thought was huh?  The KB didn’t really explain either, so it was time for a test.

 So the KB will allow you to remove the circled text below:

And it’s a nice simple PowerShell Command:

Set-TransportConfig WritingBrandingInDSNEnabled $false

But you do need to have Exchange 2007 SP1 with RU3