Author: Ward

Removing the Browser Choice option During deployment with MDT 2010

The Deployment Guys created a nice script to remove the Browser Choice option.

If you are in the European Union, you will have seen the installation of the Browser Choice option from Windows Update. This is a good thing if you are a consumer, however if you are managing Volume Licensed (VL) builds and you don’t want the Browser Choice in your deployment image.
But you do want to make use of the MDT 2010 ability to go off to Windows Update or your WSUS Server and install patches automatically during your deployment task sequence.

Check HERE how to config MDT to use your WSUS server

MDT 2010 comes with a number of task sequence templates. The one I used many times is the standard client task sequence template. As part of this template there are two tasks for applying Windows updates (Pre-Application Installation and Post-Application Installation).
These tasks are really useful as part of the deployment of a client machine because you have always an up to date image.

TS

As part of this automated Windows Update process KB976002 will be downloaded and installed giving the options shown below in your core image.

image

Recently KB2019411 has been released which provides information about the Browser Choice update for system administrators who are in managed environments that are under a Volume Licensing program . De Deploymentsguys have created a MDT based script for implementing the suggestions in the article KB2019411. Adding the registry entries to control the display of the Browser Choice screen and to remove the Browser Choice icon from the desktop.

The script (CFG-HideBrowserChoice.wsf) should be placed in the MDT Distribution Share\Scripts folder and then a “Run Command Line” task should be added to your image engineering task sequence (after the last Windows Update task but before the sysprep and image capture tasks). The command you should run is cscript.exe CFG-HideBrowserChoice.wsf.

An example of this is shown below.

ts2

When the task runs, the script will turn off the Browser Choice and removes the icon from the desktop. You will also find a log file that the script generates in the usual MDT log location (MININT\SMSOSD\OSDLOGS\CFG-HideBrowserChoice.log)

You can get the CFG-HideBrowserChoice.wsf script from the Deployment Guys SkyDrive by clicking HERE

Tested and I worked great

Source: blogs.technet.com

Free Hyper9 GuessMyOSToo Plug-in for VI3 and vSphere4

This plug-in replaces generic VM icons in the VI3 and vSphere4 client inventory trees with OS-specific icons for both Windows and Linux guests.

gos-02
System Requirements
The only requirement is Virtual Center 2.5 or higher. The Hyper9 product is NOT required.

Download HERE

Update 1 for Microsoft Forefront Threat Management Gateway (TMG) 2010 Service Pack 1

Microsoft released some days ago Forefront TMG Update 1:

SafeSearch Enforcement. Forefront TMG can enforce blocking adult text, images and videos from search results by popular search engines. SafeSearch can be enforced on specific groups or to the entire organization.
Including non-primary URL filtering categorizations. Forefront TMG uses an algorithm to select a URL’s “primary” category from among up to four categorizations provided by Microsoft Reputation Services (MRS). In Update 1 you can control access to sites that match any of the non-primary categorizations provided by MRS. For example, a URL with a primary categorization of News can now match a rule by any of its non-primary categorizations (such as Web Mail).
Support for Exchange 2010 SP1
Bug fixes and various other improvements. For details, see http://go.microsoft.com/fwlink/?LinkId=201151.

Download

MDT The task sequence has been suspended.

The error was: The task sequence has been suspended.
LiteTouch has encountered and Environment Error (Boot into WinPE)

I had a strange problem with MDT. When I booted the in WinPE.

Rebooting and again started the WinPE image did nothing same error again.

Solution is very simple.

You have to remove two directory’s C:\_SMSTaskSequence\nul  and C:\MININT

After that you can resume deploying the OS TaskSequence you want.

For sure I cleaned the Disk with Diskpart.

Rollup 1 for Exchange Server 2007 Service Pack 3

Microsoft had released some day’s ago Rollup 1 for Exchange Server 2007 Service Pack 3

In this release two important things are fixed when you have a CCR Cluster
– Log Truncation is failing on a CCR cluster after installing SP3
– Exchange Writer should return TRUE for retry able errors

The whole list with fixes can you find HERE

Download Rollup 1 for Exchange Server 2007 Service Pack 3 HERE

Storage Calculators for System Center Data Protection Manager 2010

Microsoft has released some new sizing calculators for DPM 2010.

DPM_2010_Storage_Calculator_for_Exchange_2010.xlsx

DPM_2010_Storage_Calculator_for_Hyper-V.xlsx

DPM_2010_Storage_Calculator_for_SharePoint.xlsx

Passed the 70-663 Designing and Deploying Messaging Solutions with Microsoft Exchange Server 2010 Exam

Last Friday I passed the 70-663 Designing and Deploying Messaging Solutions with Microsoft Exchange Server 2010 Exam with 981 points.

So I am very pleased with it. Last month’s I’m working a lot with Exchange 2010. I love the product. Last Friday evening I updated a customer DAG cluster to SP1. Next moth starting moving the 2000 mailboxes from Exchange 2007 tot Exchange 2010.
image_thumb

Exchange 2010 SP1 Prerequisites

Some day’s ago Microsoft Releases Exchange 2010 SP1. When you install Exchange 2010 SP1 you need to install some hotfixes. The Exchange Team have made a nice over view witch hotfixes you need for the OS.

Hotfix Download Windows Server 2008 Windows Server 2008 R2 Windows 7 & Windows Vista
979744
A .NET Framework 2.0-based Multi-AppDomain application stops responding when you run the application		 MSDN
or Microsoft Connect		 Windows6.0-KB979744-x64.msu (CBS: Vista/Win2K8) Windows6.1-KB979744-x64.msu (CBS: Win7/Win2K8 R2) N. A.
983440
An ASP.NET 2.0 hotfix rollup package is available for Windows 7 and for Windows Server 2008 R2		 Request from CSS Yes Yes N.A.
977624
AD RMS clients do not authenticate federated identity providers in Windows Server 2008 or in Windows Vista. Without this update, Active Directory Rights Management Services (AD RMS) features may stop working		 Request from CSS using the “View and request hotfix downloads” link in the KBA | US-English Select the download for Windows Vista for the x64 platform. N.A. N.A.
979917
Two issues occur when you deploy an ASP.NET 2.0-based application on a server that is running IIS 7.0 or IIS 7.5 in Integrated mode		 Request from CSS using the Hotfix Request Web Submission Form or by phone (no charge) Yes N. A. N. A.
973136,
FIX: ArgumentNullException exception error message when a .NET Framework 2.0 SP2-based application tries to process a response with zero-length content to an asynchronous ASP.NET Web service request: “Value cannot be null”.		 Microsoft Connect Windows6.0-KB973136-x64.msu N.A. N. A.
977592
RPC over HTTP clients cannot connect to the Windows Server 2008 RPC over HTTP servers that have RPC load balancing enabled.		 Request from CSS Select the download for Windows Vista (x64) N.A. N. A.
979099
An update is available to remove the application manifest expiry feature from AD RMS clients.		 Download Center N. A. Windows6.1-KB979099-x64.msu N. A.
982867

WCF services that are hosted by computers together with a NLB fail in .NET Framework 3.5 SP1

 MSDN N. A. Windows6.1-KB982867-v2-x64.msu (Win7) X86: Windows6.1-KB982867-v2-x86.msu (Win7)
x64: Windows6.1-KB982867-v2-x64.msu (Win7)
977020
FIX: An application that is based on the Microsoft .NET Framework 2.0 Service Pack 2 and that invokes a Web service call asynchronously throws an exception on a computer that is running Windows 7.		 Microsoft Connect N. A. N. A. x64: Windows6.1-KB977020-v2-x64.msu

X86: Windows6.1-KB977020-v2-x86.msu

Some of the hotfixes would have been rolled up in a Windows update or service pack. Given that the Exchange team released SP1 earlier than what was planned and announced earlier, it did not align with some of the work with the Windows platform. As a result, some hotfixes are available from MSDN/Connect, and some require that you request them online using the links in the corresponding KBs. All these updates may become available on the Download Center, and also through Windows Update.

These hotfixes have been tested extensively as part of Exchange 2010 SP1 deployments within Microsoft and by our TAP customers. They are fully supported by Microsoft.

The TechNet article Exchange 2010 Prerequisites is updated with the hotfixes and install the prerequisites required for your server version (the hotfixes are linked to in the above table).

You can use the Install the Windows Server 2008 SP2 operating system prerequisites on a Windows 2008 R2 server. Only you have to run the following powershell command: Import-Module ServerManager

Installed Exchange 2010 SP1 on a Windows 2008 R2 Server with problems. I feels that the MMC is faster. Tomorrow upgrading a DAG/NLB cluster to Exchange 2010 SP1.

Microsoft Exchange Server 2010 Service Pack 1 has been released

Microsoft has released Exchange SP1 Open-mouthed smile.

So What’s New in Exchange SP1:

New Deployment Functionality

During an Exchange 2010 SP1 installation, you can now select a new option to install the required Windows roles and features for each selected Exchange 2010 SP1 server role. For more information, see New Deployment Functionality in Exchange 2010 SP1.

Exchange ActiveSync

In Exchange 2010 SP1, you can manage Exchange ActiveSync devices using the Exchange Control Panel (ECP). Administrators can perform the following tasks:

  • Manage the default access level for all mobile phones and devices.
  • Set up e-mail alerts when a mobile phone or device is quarantined.
  • Personalize the message that users receive when their mobile phone or device is either recognized or quarantined.
  • Provide a list of quarantined mobile phones or devices.
  • Create and manage Exchange ActiveSync device access rules.
  • Allow or block a specific mobile phone or device for a specific user.

For every user, the administrator can perform the following tasks from the user’s property pages:

  • List the mobile phones or devices for a specific user.
  • Initiate remote wipes on mobile phones or devices.
  • Remove old mobile phone or device partnerships.
  • Create a rule for all users of a specific mobile phone or device or mobile phone type.
  • Allow or block a specific mobile phone or device for the specific user.

SMS Sync

SMS Sync is a new feature in Exchange ActiveSync that works with Windows Mobile 6.1 with the Outlook Mobile Update and with Windows Mobile 6.5. SMS Sync is the ability to synchronize messages between a mobile phone or device and an Exchange 2010 Inbox. When synchronizing a Windows Mobile phone with an Exchange 2010 mailbox, users can choose to synchronize their text messages in addition to their Inbox, Calendar, Contacts, Tasks, and Notes. When synchronizing text messages, users will be able to send and receive text messages from their Inbox. This feature is dependent on the user’s mobile phones or devices supporting this feature

Reset Virtual Directory

In Exchange 2010 SP1, you can use the new Reset Client Access Virtual Directory wizard to reset one or more Client Access server virtual directories. The new wizard makes it easier to reset a Client Access server virtual directory. One reason that you might want to reset a Client Access server virtual directory is to resolve an issue related to a damaged file on a virtual directory. In addition to resetting virtual directories, the wizard creates a log file that includes the settings for each virtual directory that you choose to reset. For more information, see Reset Client Access Virtual Directories.

Exchange Store and Mailbox Database Functionality

The following is a list of new store and mailbox database functionality in Exchange 2010 SP1:

  • With the New-MailboxRepairRequest cmdlet, you can detect and repair mailbox and database corruption issues.
  • Store limits were increased for administrative access.
  • The Database Log Growth Troubleshooter (Troubleshoot-DatabaseSpace.ps1) is a new script that allows you to control excessive log growth of mailbox databases.
  • Public Folders client permissions support was added to the Exchange Management Console (EMC).

Mailbox and Recipients Functionality

The following is a list of new mailbox and recipient functionality included in Exchange 2010 SP1:

  • Calendar Repair Assistant supports more scenarios than were available in Exchange 2010 RTM.
  • Mailbox Assistants are now all throttle-based (changed from time-based in Exchange 2010 RTM).
  • Internet calendar publishing allows users in your Exchange organization to share their Outlook calendars with a broad Internet audience.
  • Importing and exporting .pst files now uses the Mailbox Replication service and doesn’t require Outlook.
  • Hierarchical address book support allows you to create and configure your address lists and offline address books in a hierarchical view.
  • Distribution group naming policies allow you to configure string text that will be appended or prepended to a distribution group’s name when it’s created.
  • Soft-delete of mailboxes after move completion

High Availability and Site Resilience Functionality

The following is a list of new high availability and site resilience functionality included in Exchange 2010 SP1:

  • Continuous replication – block mode
  • Active mailbox database redistribution
  • Enhanced datacenter activation coordination mode support
  • New and enhanced management and monitoring scripts
  • Exchange Management Console user interface enhancements
  • Improvements in failover performance

Messaging Policy and Compliance Functionality

The following is a list of new messaging policy and compliance functionality included in Exchange 2010 SP1:

  • Provision personal archive on a different mailbox database
  • Import historical mailbox data to personal archive
  • Delegate access to personal archive
  • New retention policy user interface
  • Support for creating retention policy tags for Calendar and Tasks default folders
  • Opt-in personal tags
  • Multi-Mailbox Search preview
  • Annotations in Multi-Mailbox Search
  • Multi-Mailbox Search data de-duplication
  • WebReady Document Viewing of IRM-protected messages in Outlook Web App
  • IRM in Exchange ActiveSync for protocol-level IRM
  • IRM logging
  • Mailbox audit logging

Technet Exchange 2010 SP1 info
Release Notes for Exchange Server 2010 SP1
What’s New in Exchange 2010 SP1
Downloads:
Microsoft Exchange Server 2010 Service Pack 1
Microsoft Exchange Server 2010 SP1 Language Pack Bundle
Exchange Server 2010 SP1 UM Language Packs
Exchange Server 2010 SP1 Help

Your account in Microsoft Exchange Server does not have have permissions to synchronize with your current settings 0x85010004 or Eventid 1053 Exchange ActiveSync doesn’t have sufficient permissions to create the user container under Active Directory user "Active Directory operation failed on domain controller.

Error: Your account in Microsoft Exchange Server does not have have permissions to synchronize with your current settings.

Afb0021

Eventlog:
image

Exchange ActiveSync doesn’t have sufficient permissions to create the "CN=ward,OU=Users,DC=wardvissers,DC=local" container under Active Directory user "Active Directory operation failed on DC2008-03.ad.local. This error is not retriable. Additional information: Access is denied.
Active directory response: 00000005: SecErr: DSID-031521D0, problem 4003 (INSUFF_ACCESS_RIGHTS), data 0
".
Make sure the user has inherited permission granted to domain\Exchange Servers to allow List, Create child, Delete child of object type "msExchangeActiveSyncDevices" and doesn’t have any deny permissions that block such operations.

Because my account has domain admins rights the security settings will be reset every hour by
AdminSDHolder

Each Active Directory domain has an object called AdminSDHolder, which resides in the System container of the domain. The Admin-SDHolder object has a unique Access Control List (ACL), which is used to control the permissions of security principals that are members of built-in privileged Active Directory groups (what I like to call “protected” groups). Every hour, a background process called SDPROP runs on the domain controller that holds the PDC Emulator operations master role. It compares the ACL on all security principals (users, groups and computer accounts) that belong to protected groups against the ACL on the AdminSDHolder object. If the ACL lists aren’t the same, the ACL on the security principal is overwritten with the ACL from the Admin–SDHolder object. In addition, inheritance is disabled on the security principal.

Temporally Solution:

1. Active Directory Users and Computers

image
2. Enable Advanced Features
image
3. Search the User and go to the Security tab.

image
4. Advanced
image

5. Include Inheritable permissions from the Object’s parent
image

Source: Blog

Translate »