Category: Microsoft
Microsoft Deployment Toolkit (MDT) 2012 RC1
The Solution Accelerators team has released Microsoft Deployment Toolkit (MDT) 2012 RC1, which is available for download on Connect now.
Download the MDT 2012 RC1 release now
New features and enhancements:
Support for Configuration Manager 2012 RC2: This update provides support for Configuration Manager 2012 RC2 releases. MDT 2012 fully leverages the capabilities provided by Configuration Manager 2012 for OS deployment. The latest version of MDT offers new User-Driven Installation components and extensibility for Configuration Manager 2007 and 2012. Users now also have the ability to migrate MDT 2012 task sequences from Configuration Manager 2007 to Configuration Manager 2012.
Customize deployment questions: For System Center Configuration Manager customers, MDT 2012 provides an improved, extensible wizard and designer for customizing deployment questions.
Ease Lite Touch installation: The Microsoft Diagnostics and Recovery Toolkit (DaRT) is now integrated with Lite Touch Installation, providing remote control and diagnostics. New monitoring capabilities are available to check on the status of currently running deployments. LTI now has an improved deployment wizard user experience. Enhanced partitioning support ensures that deployments work regardless of the current structure.
Secure Deployments: MDT 2012 offers integration with the Microsoft Security Compliance Manager (SCM) tool to ensure a secure Windows deployment from the start.
Reliability and flexibility: Existing MDT users will find more reliability and flexibility with the many small enhancements and bug fixes and a smooth and simple upgrade process.
Support for Windows 8: The RC1 release of MDT 2012 provides support for deploying Windows 8 Consumer Preview in a lab environment.
Key Benefits:
- Full use of the capabilities provided by System Center Configuration Manager 2012 for OS deployment.
- Improved Lite Touch user experience and functionality.
- A smooth and simple upgrade process for all existing MDT users.
New Features:
For System Center Configuration Manager customers:
- Support for Configuration Manager 2012 (while still supporting Configuration Manager 2007)
- New User-Driven Installation components for Configuration Manager 2007 and Configuration Manager 2012
- Extensible wizard and designer, additional integration with Configuration Manager to deliver a more customized OS experience, support for more imaging scenarios, and an enhanced end-user deployment experience
- Ability to migrate MDT 2012 task sequences from Configuration Manager 2007 to Configuration Manager 2012
For Lite Touch Installation:
- Integration with the Microsoft Diagnostics and Recovery Toolkit (DaRT) for remote control and diagnostics
- New monitoring capabilities to see the progress of currently running deployments
- Support for deploying Windows to computers using UEFI
- Ability to deploy Windows 7 so that the computer will start from a new VHD file, "Deploy to VHD"
- Improved deployment wizard user experience
For all customers:
- Integration with configuration templates from the Security Compliance Manager Solution Accelerator, ensuring Windows is secure from the start
- A simple mechanism for running Windows PowerShell scripts during a deployment, with task sequence environment and logging integration
- Better partitioning support, creating the recommended partitioning structures on new computers and ensuring deployments work regardless of the current structure
- A smooth and simple upgrade process for all existing MDT users
- Many small enhancements and bug fixes
The word "Globale Adreslijst" in Dutch is displayed unexpectedly in breadcrumb and navigation pane in OWA in an Exchange Server 2010 SP2 environment
Today Microsoft released a fix (KB2677598) for a small cosmetic imperfection which shows up when using Outlook Web Access in Dutch, after installing Service Pack 2 on Exchange 2010.
Instead of showing “Mail”, OWA displayed “Globale Adreslijst” (Global Address List), which might be confusing to end users.
You need to download the Microsoft Exchange Server 2010 SP2 Language Pack Bundle, which was released on 20 Feb 2012, and install it on your Exchange 2010 SP2 Client Access Servers.
You can download the Microsoft Exchange Server 2010 SP2 Language Pack Bundle (219 MB) here.
Special thanks to Jetze for noticing the update.
Exchange 2010 SP2 RU1 Change in CAS to CAS Proxy
The Exchange Team made a change in CAS-to-CAS proxy behavior between servers running Exchange 2010 SP2 RU1 and servers running older versions of Exchange.
The SP2 RU1 package introduced a change to the user context cookie which is used in CAS-to-CAS proxying. An unfortunate side-effect is a temporary incompatibility between SP2 RU1 servers and servers running earlier versions of Exchange. The change is such that earlier versions of Exchange do not understand the newer cookie used by the SP2 RU1 server. As a result, proxying from SP2 RU1 to an earlier version of Exchange will fail with the following error:
Invalid user context cookie found in proxy response
The server might show exceptions in the event log, such as the following:
Event ID: 4999
Log Name: Application
Source: MSExchange Common
Task Category: General
Level: Error
Description: Watson report about to be sent for process id: 744, with parameters: E12, c-RTL-AMD64, 14.02.0283.003, OWA, M.E.Clients.Owa, M.E.C.O.C.ProxyUtilities.UpdateProxyUserContextIdFromResponse, M.E.C.O.Core.OwaAsyncOperationException, 413, 14.02.0283.003.
Not all customers are affected by this. But since we received a few questions about this, we wanted to let you know about the change. Many Exchange customers do not use proxying between Exchange 2010 and Exchange 2007 but rather use redirection, which is not affected by the change. However, if you are using CAS-to-CAS proxying, where an Exchange 2010 SP2 RU1 Client Access server is proxying to an earlier version of Exchange 2010 or Exchange 2007 Client Access server, then you are affected by the change.
If you are affected, it is important to note that this issue is temporary and will exist only until all of the CAS involved in the CAS-to-CAS proxy process are updated to Exchange 2010 SP2 RU1. Thus, if you are affected by this problem, simply deploy SP2 RU1 on the relevant Exchange 2010 servers and the issue no longer exists.
If you use CAS-to-CAS proxy between Exchange 2010 and Exchange 2007, we will have an interim update (IU) for Exchange 2007. Availability of the IU will be announced on this blog.
Server proxy version | Server being proxied to | Action to take
Exchange 2010 SP2 RU1 | Any version of Exchange 2010 older than SP2 RU1 | Apply Exchange 2010 SP2 RU1 to all servers involved in proxy process
Exchange 2010 SP2 RU1 | Exchange 2007 | Hold off deployment of Exchange 2010 SP2 RU1 until you deploy the Exchange 2007 interim update (IU)
SOURCE: Exchange 2010 sp2 ru1 and cas to cas proxy incompatibility
Rollup 1 for Exchange Server 2010 SP2
The Exchange Team released Update Rollup 1 for Exchange Server 2010 SP2.
It’s a long list with issues that are fixed in this rollup:
- 2465015 You cannot view or download an image on a Windows Mobile-based device that is synchronized with an Exchange Server 2010 mailbox
- 2492066 An automatic reply message is still sent after you clear the "Allow automatic replies" check box for a remote domain on an Exchange Server 2010 server
- 2492082 An Outlook 2003 user cannot view the free/busy information of a resource mailbox in a mixed Exchange Server 2010 and Exchange Server 2007 environment
- 2543850 A GAL related client-only message rule does not take effect in Outlook in an Exchange Server 2010 environment
- 2545231 Users in a source forest cannot view the free/busy information of mailboxes in a target forest in an Exchange Server 2010 environment
- 2549255 A meeting item displays incorrectly as multiple all-day events when you synchronize a mobile device on an Exchange Server 2010 mailbox
- 2549286 Inline contents disposition is removed when you send a "Content-Disposition: inline" email message in an Exchange Server 2010 environment
- 2556113 It takes a long time for a user to download an OAB in an Exchange Server 2010 organization
- 2557323 Problems when viewing an Exchange Server 2003 user’s free/busy information in a mixed Exchange Server 2003 and Exchange Server 2010 environment
- 2563245 A user who has a linked mailbox cannot use a new profile to access another linked mailbox in an Exchange Server 2010 environment
- 2579051 You cannot move certain mailboxes from an Exchange Server 2003 server to an Exchange Server 2010 server
- 2579982 You cannot view the message delivery report of a signed email message by using Outlook or OWA in an Exchange Server 2010 environment
- 2585649 The StartDagServerMaintenance.ps1 script fails in an Exchange Server 2010 environment
- 2588121 You cannot manage a mail-enabled public folder in a mixed Exchange Server 2003 and Exchange Server 2010 environment
- 2589982 The cmdlet extension agent cannot process multiple objects in a pipeline in an Exchange Server 2010 environment
- 2591572 "Junk e-mail validation error" error message when you manage the junk email rule for a user’s mailbox in an Exchange Server 2010 environment
- 2593011 Warning 2074 and Error 2153 are logged on DAG member servers in an Exchange Server 2010 environment
- 2598985 You cannot move a mailbox from a remote legacy Exchange forest to an Exchange Server 2010 forest
- 2599434 Public Folder Calendar folder is missing in the Public Folder Favorites list of an Exchange Server 2010 mailbox
- 2599663 The Exchange RPC Client Access service crashes when you send an email message in an Exchange Server 2010 environment
- 2600034 A user can still open an IRM-protected email message after you remove the user from the associated AD RMS rights policy template in an Exchange Server 2010 environment
- 2600289 A user in an exclusive scope cannot manage his mailbox in an Exchange Server 2010 environment
- 2600943 EMC takes a long time to return results when you manage full access permissions in an Exchange Server 2010 organization that has many users
- 2601483 "Can’t open this item" error message when you use Outlook 2003 in online mode in an Exchange Server 2010 environment
- 2604039 The MSExchangeMailboxAssistants.exe process crashes frequently after you move mailboxes that contain IRM-protect email messages to an Exchange Server 2010 SP1 mailbox server
- 2604713 ECP crashes when a RBAC role assignee tries to manage another user’s mailbox by using ECP in an Exchange Server 2010 environment
- 2614698 A display name that contains DBCS characters is corrupted in the "Sent Items" folder in an Exchange Server 2010 environment
- 2616124 Empty message body when replying to a saved message file in an Exchange Server 2010 SP1 environment
- 2616230 IMAP4 clients cannot log on to Exchange Server 2003 servers when the Exchange Server 2010 Client Access server is used to handle proxy requests
- 2616361 Multi-Mailbox Search fails if the MemberOfGroup property is used for the management scope in an Exchange Server 2010 environment
- 2616365 Event ID 4999 when the Store.exe process crashes on an Exchange Server 2010 mailbox server
- 2619237 Event ID 4999 when the Exchange Mailbox Assistants service crashes in Exchange 2010
- 2620361 An encrypted or digitally-signed message cannot be printed when S/MIME control is installed in OWA in an Exchange Server 2010 SP1 environment
- 2620441 Stop-DatabaseAvailabilityGroup or Start-DatabaseAvailabilityGroup cmdlet fails when run together with the DomainController parameter in an Exchange Server 2010 environment
- 2621266 An Exchange Server 2010 database store grows unexpectedly large
- 2621403 "None" recipient status in Outlook when a recipient responds to a meeting request in a short period of time in an Exchange Server 2010 environment
- 2628154 "The action couldn’t be completed. Please try again." error message when you use OWA to perform an AQS search that contains "Sent" or "Received" in an Exchange Server 2010 SP1 environment
- 2628622 The Microsoft Exchange Information Store service crashes in an Exchange Server 2010 environment
- 2628693 Multi-Mailbox Search fails if you specify multiple users in the "Message To or From Specific E-Mail Addresses" option in an Exchange Server 2010 environment
- 2629713 Incorrect number of items for each keyword when you search for multiple keywords in mailboxes in an Exchange Server 2010 environment
- 2629777 The Microsoft Exchange Replication service crashes on Exchange Server 2010 DAG members
- 2630708 A UM auto attendant times out and generates an invalid extension number error message in an Exchange Server 2010 environment
- 2630967 A journal report is not sent to a journaling mailbox when you use journaling rules on distribution groups in an Exchange Server 2010 environment
- 2632206 Message items rescanned in the background in an Exchange Server 2010 environment
- 2633044 The Number of Items in Retry Table counter displays an incorrect value that causes SCOM alerts in an Exchange Server 2010 SP1 organization
- 2639150 The MSExchangeSyncAppPool application pool crashes in a mixed Exchange Server 2003 and Exchange Server 2010 environment
- 2640218 The hierarchy of a new public folder database does not replicate on an Exchange Server 2010 SP1 server
- 2641077 The hierarchy of a new public folder database does not replicate on an Exchange Server 2010 SP1 server
- 2642189 The RPC Client Access service may crash when you import a .pst file by using the New-MailboxImportRequest cmdlet in an Exchange Server 2010 environment
- 2643950 A seed operation might not succeed when the source mailbox database has many log files in a Microsoft Exchange Server 2010 DAG
- 2644047 Active Directory schema attributes are cleared after you disable a user’s mailbox in an Exchange Server 2010 environment
- 2644264 Disabling or removing a mailbox fails in an Exchange Server 2010 environment that has Office Communications Server 2007, Office Communications Server 2007 R2 or Lync Server 2010 deployed
- 2648682 An email message body is garbled when you save or send the email message in an Exchange Server 2010 environment
- 2649727 Client Access servers cannot serve other Mailbox servers when a Mailbox server encounters a problem in an Exchange Server 2010 environment
- 2649734 Mailbox replication latency may occur when users perform a Multi-Mailbox Search function against a DAG in an Exchange Server 2010 environment
- 2649735 Warning of undefined recipient type of a user after the linked mailbox is moved from an Exchange Server 2007 forest to an Exchange Server 2010 forest
- 2652849 The MailboxCountQuota policy is not enforced correctly in an Exchange Server 2010 hosting mode
- 2665115 Event ID 4999 is logged on an Exchange Server 2010 Client Access server (CAS)
Download the rollup HERE
Exchange 2010: Setting Static RPC ports when using a Kemp LoadMaster
When you use a Kemp LoadMaster for load balancing Exchange 2010, you need to set static RPC ports.
By default Windows Server 2008 and 2008 R2 are configured with a dynamic RPC range of 49152-65535 for outbound connections. When the Exchange 2010 Client Access server role is installed on Windows Server 2008 or 2008 R2, the dynamic RPC port range is changed to 6005-59530 and the highest usable port number is set to 60554.
Exchange 2010 RPC Client Access Service
By default the RPC Client Access service on an Exchange 2010 Client Access server uses the TCP End Point Mapper port (TCP/135) and the dynamic RPC port range (6005-59530) for outgoing connections, every time an Outlook client establishes a connection to Exchange.
To set a static port for the RPC Client Access service on an Exchange 2010 Client Access server, you need to open the registry on the respective server and navigate to:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\MSExchangeRPC
Here, you need to create a new key named ParametersSystem, and under this key create a REG_DWORD named TCP/IP Port. The Value for the DWORD should be the port number you want to use.
Configuring static ports for the RPC Client Access service
RPC.reg
Windows Registry Editor Version 5.00
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\MSExchangeRPC\ParametersSystem]
"TCP/IP Port"=dword:0000e88c
Note
Microsoft recommends you set this to a unique value between 59531 and 60554 and use the same value on all CAS in any one AD site.
When you’ve configured the port, it’s required to restart the Microsoft Exchange RPC Client Access service in order for the changes to be applied.
Exchange 2010 Address Book Service
To set a static RPC port for the Exchange Address Book Service, create a new REG_SZ registry value named “RpcTcpPort” under:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\MSExchangeAB\Parameters
RPCAB.reg
Windows Registry Editor Version 5.00
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\MSExchangeAB\Parameters]
"RpcTcpPort"="59533"
Microsoft recommends you set this to a unique value between 59531 and 60554 and use the same value on all Exchange 2010 Client Access servers in any one AD site.
When you’ve configured the port, it’s required to restart the Microsoft Exchange Address Book service in order for the changes to be applied.
Exchange 2010 Public Folder connections
By default public folder connections use the TCP End Point Mapper (TCP/135) and the dynamic RPC port range (49152-65535) for outgoing connections, every time an Outlook client establishes a connection to Exchange.
To set a static port for public folder connections, follow the same steps as those required for configuring static ports for the RPC CA service. Just bear in mind you need to perform them on the Exchange 2010 servers that store public folder databases. This is because public folder connections from an Outlook client occur against the RPC Client Access service on the Mailbox server role.
Verifying the Statically Configured Ports are used
In order to verify that the static ports configured are used, the netstat.exe tool can be used:
Netstat -an -p tcp
Verifying the configured static ports are used on the Client Access and Mailbox servers
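The registry changes, service restarts and netstat check described above can be scripted so that every CAS in an AD site ends up with the same values. The following is an added example, not code from the original post: the function names are hypothetical, and the default ports are the ones used in RPC.reg and RPCAB.reg above. With the ports pinned, the load balancer only has to handle TCP/135 and these two fixed ports instead of the whole dynamic range.

```powershell
# Added example, not from the original post. Run in an elevated PowerShell
# session on each Client Access server. Function names are hypothetical;
# default ports are the values from RPC.reg (0xe88c = 59532) and RPCAB.reg.
# Restarting the services briefly disconnects Outlook clients.

function Set-ExchangeStaticRpcPort {
    param(
        [int]$RpcClientAccessPort = 59532,
        [int]$AddressBookPort     = 59533,
        # Mailbox servers hosting public folder databases only need the
        # RPC Client Access value, so the Address Book part can be skipped.
        [switch]$SkipAddressBook
    )

    # Reject anything outside the recommended 59531-60554 range.
    $ports = @($RpcClientAccessPort)
    if (-not $SkipAddressBook) { $ports += $AddressBookPort }
    foreach ($p in $ports) {
        if ($p -lt 59531 -or $p -gt 60554) {
            throw "Port $p is outside the recommended range 59531-60554."
        }
    }
    if ((-not $SkipAddressBook) -and ($RpcClientAccessPort -eq $AddressBookPort)) {
        throw "The two services need different ports."
    }

    # RPC Client Access: REG_DWORD "TCP/IP Port" under ParametersSystem.
    $rpcKey = 'HKLM:\SYSTEM\CurrentControlSet\services\MSExchangeRPC\ParametersSystem'
    if (-not (Test-Path $rpcKey)) { New-Item -Path $rpcKey -Force | Out-Null }
    New-ItemProperty -Path $rpcKey -Name 'TCP/IP Port' -PropertyType DWord `
        -Value $RpcClientAccessPort -Force | Out-Null
    Restart-Service -Name MSExchangeRPC

    if (-not $SkipAddressBook) {
        # Address Book service: REG_SZ "RpcTcpPort" under Parameters.
        $abKey = 'HKLM:\SYSTEM\CurrentControlSet\services\MSExchangeAB\Parameters'
        if (-not (Test-Path $abKey)) { New-Item -Path $abKey -Force | Out-Null }
        New-ItemProperty -Path $abKey -Name 'RpcTcpPort' -PropertyType String `
            -Value ([string]$AddressBookPort) -Force | Out-Null
        Restart-Service -Name MSExchangeAB
    }

    # Return the ports that were configured so they can be verified.
    $ports
}

function Test-StaticRpcListener {
    param([int[]]$Port)
    # Same data as "netstat -an -p tcp", reduced to listening sockets.
    $listening = netstat -an -p tcp | Select-String 'LISTENING'
    foreach ($p in $Port) {
        $hit = $listening | Where-Object { $_.Line -match ":$p\s" }
        New-Object PSObject -Property @{ Port = $p; Listening = [bool]$hit }
    }
}

$configured = Set-ExchangeStaticRpcPort
Start-Sleep -Seconds 10     # give the restarted services time to bind
Test-StaticRpcListener -Port $configured | Format-Table Port, Listening -AutoSize
```

On Mailbox servers that store public folder databases, call Set-ExchangeStaticRpcPort with -SkipAddressBook so only the RPC Client Access value is written.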
In my next blog post I will show how to configure a Kemp LoadMaster.
Reference:
Link: Configure Static RPC Ports on an Exchange 2010 Client Access Server
Exchange 2010 DAG Maintenance
When you need to perform maintenance on DAG nodes, here is the process you want to go through. In my environment I have two nodes in a DAG. For more nodes the process is the same.
All the commands below are run in an administrative Exchange PowerShell prompt.
First type: cd $exscripts and press Enter.
Now you are in the Exchange Scripts folder.
Exchange Node 1:
Process for running maintenance on exchange database servers
.\StartDagServerMaintenance.ps1 -ServerName <Dag Node 1>
Run maintenance on <Dag Node 1>
When you are finished on Node 1
.\StopDagServerMaintenance.ps1 -ServerName <Dag Node 1>
Exchange Node 2:
.\StartDagServerMaintenance.ps1 -ServerName <Dag Node 2>
run maintenance on <Dag Node 2>
When you are finished on Node 2
.\StopDagServerMaintenance.ps1 -ServerName <Dag Node 2>
When done performing maintenance on one or multiple servers (hopefully one at a time to maintain full database availability for end users!) you can end up with a sub-optimal active database layout, especially if you have a cross-site DAG. To resolve this you have to rebalance the databases based on the priorities set for them upon creation.
Rebalance databases across dag
.\RedistributeActiveDatabases.ps1 -DagName <Your DAG Name> -BalanceDbsByActivationPreference -ShowFinalDatabaseDistribution -Confirm:$false
If you get any errors you may have to re-index the search catalog for the passive database. Rather than hunting down which ones need to be fixed you can just fix them all with the custom script I wrote below (or for only the mail servers with issues). When finished running these commands then try to run the maintenance or rebalance scripts again.
Fix/Rebuild Search Catalogs
Get-MailboxDatabaseCopyStatus -Server <Dag Node 1> | where {$_.Status -like "Healthy"} | Update-MailboxDatabaseCopy -CatalogOnly
Get-MailboxDatabaseCopyStatus -Server <Dag Node 2> | where {$_.Status -like "Healthy"} | Update-MailboxDatabaseCopy -CatalogOnly
Enable TPM devices on HP Laptops through MDT
Yes, it can be done and it is pretty simple too. Here is what you need and how you should do it. Basically, the only thing you need is “BiosConfigUtility.EXE” and a text file with settings in it; add that to the TS and it will work like a charm 🙂
Step One – Get the utility
The utility is a part of HP’s SSM (SP49507). SSM stands for “HP System Software Manager” and the version I have been playing with is 2.14 Rev A. Download that from ftp://ftp.hp.com/pub/softpaq/sp49501-50000/sp49507.exe and if you need to see if your PC is in the list, check ftp://ftp.hp.com/pub/softpaq/sp49501-50000/sp49507.html
Step Two – Create the file
This is what the file should look like, and it should have the name TPMEnable.REPSET
If you look at the picture, you can see that in every section there is a *. That is our default value that will be pushed into the bios.
Step Three – Create a Command and verify that it works
Now, be a bit careful: TPM is a security device and if you lock yourself out, it could be “tricky” to get back, so now you have been notified at least. So, we need a command to set all this and also to set a BIOS password, and here it is:
BIOSConfigUtility /SetConfig:TPMEnable.REPSET /NewAdminPassword:"Password1"
So, if you take the BIOSConfigUtility.exe and TPMEnable.REPSET and put them in the same folder and run the command (elevated) with a password that is better than mine and then reboot the machine, you will see that it is going to enable the TPM chip and now you can just enable BitLocker on the machine.
Step Four – Getting stuff into the TS
Now, this can be done in different ways, one is to create a Script, or a batch file or an MDT Application. The reason for me to have an application, is very simple. When I work at customers I create a lot of “things”, if they are applications, they are pretty easy to copy inside the deployment workbench, from my personal Deployment share to the customers and vice versa. I like drag and drop, it makes life more…relaxed…:-) One other story, if they are applications, you could use the “MandatoryApplications001=” in CS.ini
So this is how it looks in my Task Sequence
(No, sorry, my password for TPM is not 111-something, trust me…)
Now when I have the application I can open my Task Sequence and modify that like this:
In the first picture you can see that I have added the application called “CUSTOM – Hewlett-Packard – BIOS Configuration” and in the other picture you can see that I have one condition to run this and that is same condition as the task “Enable Bitlocker” has.
So, that was pretty easy, right 🙂
Step Five – some more things…
Configure BitLocker:
These are my settings (also default)
Just one small thing. Modify/Set this BDEKeyLocation= to something, otherwise the keyfile ends up locally on the c: drive…:-)
Rollup 6 for Exchange Server 2007 SP3.
Earlier today the Exchange team released Update Rollup 6 for Exchange Server 2007 SP3.
The following list calls out the most important fixes which are included in this release:
22656040 An Exchange Server 2007 Client Access server may respond slowly or stop responding when users try to synchronize the Exchange ActiveSync devices with their mailboxes
2498852 "0x80041606" error message when you perform a prefix search by using Outlook in online mode in an Exchange Server 2007 environment
22653334 The reseed process is unsuccessful on the SCR passive node when the circular logging feature is enabled in an Exchange Server 2007 environment
22617784 Journal reports are expired or lost when the Microsoft Exchange Transport service is restarted in an Exchange Server 2007 environment
2289607 The week numbers displayed in OWA do not match the week numbers displayed in Outlook for English users and French users in an Exchange Server 2007 environment
For the complete list check HERE
General Notes:
Note for Forefront Protection for Exchange users: For those of you running Forefront Protection for Exchange, be sure you perform these important steps from the command line in the Forefront directory before and after this rollup’s installation process. Without these steps, Exchange services for Information Store and Transport will not start after you apply this update. Before installing the update, disable Forefront by using this command: fscutility /disable. After installing the update, re-enable Forefront by running fscutility /enable.
Setup KMS Server for Windows Server 2008 R2 or Windows 7
Open the command prompt and run the following command:
cscript C:\Windows\System32\slmgr.vbs /ipk xxxxx-xxxxx-xxxxx-xxxxx-xxxxx
For xxxxx, enter the Windows Server 2008 R2 product key. It is also able to activate Windows 7. The following text appears when the command is successful.
Microsoft ® Windows Script Host Version 5.7
Copyright © Microsoft Corporation. All rights reserved.
Installed product key xxxxx-xxxxx-xxxxx-xxxxx-xxxxx successfully.
The installation of the KMS server is complete. The server listens on port 1688. This port must be opened in the firewall. To change the port, the following command can be used.
slmgr.vbs /sprt xxxx
Once the firewall is open and the key is installed, the KMS server service has to be restarted. Do this by using the following command:
net stop slsvc & net start slsvc
To check whether the record is registered correctly in DNS, use the following command:
nslookup -type=srv _vlmcs._tcp
Here, the following output should appear:
_vlmcs._tcp.test.local SRV service location:
priority = 0
weight = 0
port = 1688
svr hostname = kms.wardvissers.local
internet address = 192.168.150.7 kms.wardvissers.local
Clients / Servers
The clients / servers that need to connect to the KMS host will automatically find the host through DNS. When a client / server has been activated using a MAK key, it should be put back to a KMS client key. These keys are released by Microsoft. When this key is set, the client / server will automatically look for a KMS host. When not present, the client / server activation.
KMS client keys:
Windows 7 Enterprise: 33PXH-7Y6KF-2VJC9-XBBR8-HVTHH
Windows Server 2008 Standard: TM24T-X9RMF-VWXK6-X8JC9-BFGM2
Windows Server 2008 Enterprise: YQGMW-MPWTJ-34KDK-48M3W-X4Q6V
Windows Server 2008 R2 Standard: YC6KT-GKW9T-YTKYR-T4X34-R7VHC
Windows Server 2008 R2 Enterprise: 489J6-VHDMP-X63PK-3K798-CPX3Y
With the following command the key can be changed from MAK to KMS, where xxxxx is one of the above keys.
slmgr.vbs /ipk xxxxx-xxxxx-xxxxx-xxxxx-xxxxx
Note: To force the client to activate, execute the following command on the client.
slmgr.vbs /ato
It can happen that the KMS server returns the following message. This is because the KMS server only begins to work with 25 clients and 5 servers.
You can find here the list with error codes & solutions: http://support.microsoft.com/kb/938450
Special thanks to: Harm Hoekstra