Wednesday, September 19, 2012

Could not load type 'Microsoft.Exchange.Management.Security.AdfsFederationAuthModule'

After installing Exchange 2013 Beta, I got the following error when entering the new web-based management console.

Could not load type 'Microsoft.Exchange.Management.Security.AdfsFederationAuthModule'.

  Description: An unhandled exception occurred during the execution of the current web request. Please review the stack trace for more information about the error and where it originated in the code.

To resolve this I installed the following features:

- Windows Identity Foundation 3.5

Do an IIS reset, and it should work.

WIF 3.5 is a requirement for Exchange 2013, but is not installed as part of the installation. This might be a bug in the beta. The link below describes the requirements:

Friday, September 14, 2012

Enterprise Vault Client and Outlook 2013

Today I needed an attachment in my Outlook 2013, but the attachment was archived with Enterprise Vault. And I’m quite fed up with needing to use OWA to get my attachments.

As we all know, Symantec are quite slow to support new software, and to release updates and betas to support new software like Office 2013.

So I decided to install the EV client 10.0.0 on my Win8 computer with Office 2013. A walk in the park :)

This is the way I did it:
  1. Get hold of the .msi file for the Outlook EV Client
  2. Edit the .msi in Orca, and find the following tables:
  3. Table: InstallUISequence and remove the following row: ErrOutlook11NotInstalled
  4. Table: RegLocator and change the following keys to Software\Microsoft\Office\15.0\Outlook (should be 2 entries)
  5. Save .msi
  6. Install .msi with privileges
  7. Start Outlook and verify that the plugin is visible in Outlook
  8. You are now able to restore the archived e-mails. Nothing else works, so OWA is still needed to search the Archive :(





Thursday, September 15, 2011

UAG NLB VIP error code 0xC0040352

Today I troubleshot a UAG NLB installation. Creating the array was no problem, but I was unable to assign the external VIP in the NLB, although I was able to assign it to the internal NIC.
The error that was given to me was:

NLB Settings could not be configured (0xC0040352).

After some troubleshooting, I found this page:
which gave a description of the error message:

"The specified virtual IP address VirtualIpAddress is not contained in the NetworkName network, in which the Network Load Balancing cluster resides."

I ran the network assignment wizard again and verified that the external NIC was tagged as external, the internal NIC was tagged as internal, and that the IP addresses were correct.
Still no go!

I started the TMG config tool, and under Networks I found that on the Internal network an IP range for 1-127 had been added along with all the defined internal networks.

I cleaned up all the addresses that are not internal, saved the config, and started the UAG NLB wizard again.

It now worked like a charm!

Wednesday, March 30, 2011

Generate Computer names in MDT 2010/SCCM - Update

I've created an advanced stored procedure. The new stored procedure builds on the last one, which has the OU assignment, but the new one lets you use a different prefix on your computers based on location. It is also possible to have a custom sequence for each location, so your computers could be named PC-Location(A)-Type*-Sequence(00001), PC-Location(A)-Type*-Sequence(00002) on location A, and PC-Location(B)-Type*-Sequence(00001), PC-Location(B)-Type*-Sequence(00002) on location B.

If you want to have the computer type (desktop, laptop, VM) in your computer name, you can easily add the following in the stored procedure:

In the IF @isvm/isdesktop/islaptop sequences add the following:
SET @type = 'L'   -- or 'D' or 'V'
(Use this if you want the computer names for laptops to contain an L to identify that it's a laptop, D for desktop and V for virtual.)

You also have to add the following in the SET @newname statement:
SET @newname = @prefix + @type + etc.....

These changes have to be made on all three IF statements for each computer type, a total of 6 entries. 2 per IF statement.

The files can be downloaded here:

Tuesday, March 29, 2011

Access is denied Windows 7 Offline files (CSC)

These last couple of days I’ve been troubleshooting offline files in Windows 7. At a customer we are building a new OU structure and new GPO policies for Windows 7 (the old ones are old Win2000/xp, and really need to be updated).

The new GPO for Windows 7 is defined to allow offline files, transparent caching, when to synchronize and encryption of offline files, and is linked to the computers OU. The user GPO has the automatically offline redirected folders.

Today, the Windows 7 computers are configured with Offline files, and everything is working as normal. (Pretty much the same configuration as we have created, but they are created for WinXP)

When we move a computer and user to the new OU structure and the new GPOs are applied, we get an “access is denied” when we try to edit files in the CSC cache. We are able to create files, but not able to edit them… When we move the computer back to the old OU and GPO, everything works normally.

If we turn off encryption of offline files in the new OU structure, everything works normally, and creating and editing is fine.

After digging around, I found that the DRA (Data Recovery Agent) certificate (created by default when installing a domain) had expired in 2003… (time to renew...)

I utilized the existing PKI and created a new DRA and tried again. But I still got the “Access is denied” when the computer was placed in the new OU and got the new GPOs.

Since the default DRA had expired in 2003 and the computer associated with the private key has been recycled to car parts, I deleted it from the Domain Policy. So only the new DRA certificate was available.

When the client got the new GPO with only one valid DRA, everything worked like a charm.

During the troubleshooting I saw some status issues in the Sync Center. When I got the “access is denied” messages, I saw that Sync Center->Manage Offline Files->Encryption had a status like "not all of the offline files are encrypted."

After the DRA fix was done, the status of Encryption was like "all offline files is encrypted"!

Why it worked with the old policies I haven’t quite understood.

Tuesday, March 15, 2011

Generate Computer names in MDT 2010/SCCM based on prefix and a sequence number including OU assignment

I must admit MDT and SCCM work nicely together, but they lack some features like auto-generating names (sequentially) and dynamically assigning clients to an OU based on multiple criteria (at least as far as I know…)
What I’ve been struggling with the last few days is auto-generating names for unknown computers being installed with a new Win7 image. I came across
Which solved my naming issue… Good work Johan Arwidmark:)

But I still had one issue left; the OU structure is more complex than just location or type. I need to put the computers in an OU structure based on location and type of client.
The OU structure is like this; OU=ComputerType,OU=Computers,OU=Location, DC=domain,DC=local.
To resolve this issue, I’ve expanded the stored procedure Johan created, and created an extra table to store the following info:
  • Location – The name of your location, example: New York
  • Gateway IP – The same as MDT. The gateway that identifies the New York location
  • Shortname – The short name of the location for use in the computer name, example: NY
  • BaseOU – The OU string for this location: OU=Computers,OU=New York,OU=Locations,DC=domain,DC=local
To populate the information you want to use for generation, you have to use SQL Management Studio to add information to the table.

In addition you need to change the MachineObjectOU column in the MDT settings table to more than 50 characters. I used 255 since I know my OU paths aren’t longer than that. But in my case 50 characters are too short.

Based on the information above the stored procedure will create a computer name sequentially in the following format PCLOCATIONSEQUENCE, example PCNY00001. The computer account will also be created in the OU=Laptop,+BaseOU or OU=Desktop,+BaseOU or OU=VM,+BaseOU based on the %islaptop%, %isdesktop% or %isvm% parameters in MDT.

To change the naming convention for the computer name, edit the stored procedure to change the order or add hyphens (-) for segmentation.
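The naming and OU logic described here, together with the per-location sequence and type letter from the March 30 update, can be sketched as follows. This is an added example, not the downloadable script from this blog or Johan Arwidmark's procedure. Assumptions: the table, column and procedure names are hypothetical, the MDT type flags arrive as 'True'/'False' strings, and the result is returned as columns instead of being written to the MDT settings table.

```sql
-- Added example: table, column and procedure names are hypothetical.
CREATE TABLE dbo.LocationNaming (
    Location  nvarchar(50)  NOT NULL,              -- e.g. New York
    GatewayIP varchar(15)   NOT NULL PRIMARY KEY,  -- gateway that identifies the location
    ShortName varchar(5)    NOT NULL,              -- e.g. NY
    BaseOU    nvarchar(255) NOT NULL,
    LastSeq   int           NOT NULL DEFAULT 0     -- per-location sequence counter
);
GO
-- Constructed sample row (192.0.2.1 is a documentation address).
INSERT INTO dbo.LocationNaming (Location, GatewayIP, ShortName, BaseOU)
VALUES (N'New York', '192.0.2.1', 'NY',
        N'OU=Computers,OU=New York,OU=Locations,DC=domain,DC=local');
GO
CREATE PROCEDURE dbo.GenerateComputerName
    @DefaultGateway varchar(15),
    @IsLaptop  varchar(5) = 'False',   -- assumed to arrive as 'True'/'False' strings
    @IsDesktop varchar(5) = 'False',
    @IsVM      varchar(5) = 'False'
AS
BEGIN
    SET NOCOUNT ON;
    DECLARE @type char(1), @typeOU nvarchar(20);
    DECLARE @alloc TABLE (Seq int, ShortName varchar(5), BaseOU nvarchar(255));

    -- Map the type flags to a name letter and to the OU placed in front of BaseOU.
    IF @IsLaptop = 'True'       SELECT @type = 'L', @typeOU = N'OU=Laptop,'
    ELSE IF @IsDesktop = 'True' SELECT @type = 'D', @typeOU = N'OU=Desktop,'
    ELSE IF @IsVM = 'True'      SELECT @type = 'V', @typeOU = N'OU=VM,'
    ELSE BEGIN RAISERROR('No computer type flag is set.', 16, 1); RETURN; END

    -- One atomic UPDATE hands out the number, so two deployments running at the
    -- same time cannot receive the same sequence (and thus the same name).
    UPDATE dbo.LocationNaming
       SET LastSeq = LastSeq + 1
    OUTPUT inserted.LastSeq, inserted.ShortName, inserted.BaseOU INTO @alloc
     WHERE GatewayIP = @DefaultGateway;

    -- Fail closed for an unknown gateway instead of inventing a name or OU.
    IF NOT EXISTS (SELECT 1 FROM @alloc)
    BEGIN RAISERROR('No location is registered for gateway %s.', 16, 1, @DefaultGateway); RETURN; END

    SELECT 'PC' + ShortName + @type + RIGHT('00000' + CAST(Seq AS varchar(10)), 5) AS OSDComputerName,
           @typeOU + BaseOU AS OSDDomainOUName
      FROM @alloc;
END
GO
-- Sample call for the constructed row above.
EXEC dbo.GenerateComputerName @DefaultGateway = '192.0.2.1', @IsLaptop = 'True';
```

Because the procedure takes only typed parameters and builds no dynamic SQL, values supplied by the client during deployment cannot alter the statement that runs against the MDT database.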

In the MDT/SCCM task sequence you need to use %OSDDomainOUName% and not %machineobjectOU%.

I’m not a SQL guy, so the code might be a mess, but it’s working. I’ll try to rewrite the procedure to optimize the code. But I don’t know when it will be finished.

Download files here:

Run the scripts on your MDT database and add the following configuration to your current Customsettings.ini:

Priority=IdentifyComputer, CSettings

Parameters=UUID, AssetTag, SerialNumber, MacAddress

Parameters=MacAddress, DefaultGateway,Islaptop,IsDesktop,IsVM

Monday, January 31, 2011

Routing Group Connector - Loop condition 2010

Today I’ve been troubleshooting a looping condition on an Exchange 2003 -> 2010 transition. The mail flow from Exchange 2010 -> 2003 is working fine, and with a new SMTP connector for internet mail the Exch2010 is able to send to the internet.

But one thing does not work, and that is mail flow between the Exc2003 and Exc2010. No NDRs, nothing is reported back from the system, but the mails are located in the “Messages queued for deferred delivery” queue. When the SMTP service is stopped, I receive an NDR for the messages saying it’s a loop:

Your message did not reach some or all of the intended recipients.
Subject: Test 11
Sent: 5/01/2010 3:34 PM
The following recipient(s) could not be reached: on 5/01/2010 3:34 PM
A configuration error in the e-mail system caused the message to bounce between two servers or to be forwarded between two recipients. Contact your administrator.

The Exchange 2003 organization does not have other routing group connectors, and is not using a smarthost for outgoing emails. The Exc2010 RoutingGroupConnector created during install has been deleted and recreated to see if that did the trick, but it didn’t.

It turns out that the Exc2003 cluster had 2 SMTP virtual servers, one of which was stopped due to some old errors, and on the routing group connector this was the SMTP server used. I could not find any PowerShell parameters to define a different SMTP virtual server, so I had to use ADSI Edit to change the default SMTP virtual server on the connector. Thanks to WinRoute for giving me a red cross on the routing group connector, and sending me in the direction of multiple SMTP servers.

After changing this and waiting for Exchange to pick up the config from AD, mail flow is now working both ways between Exc2003<->Exch2010.