Exchange 2010 SP1 Prerequisites

Some day’s ago Microsoft Releases Exchange 2010 SP1. When you install Exchange 2010 SP1 you need to install some hotfixes. The Exchange Team have made a nice over view witch hotfixes you need for the OS.

Hotfix Download Windows Server 2008 Windows Server 2008 R2 Windows 7 & Windows Vista
979744
A .NET Framework 2.0-based Multi-AppDomain application stops responding when you run the application
MSDN
or Microsoft Connect
Windows6.0-KB979744-x64.msu (CBS: Vista/Win2K8) Windows6.1-KB979744-x64.msu (CBS: Win7/Win2K8 R2) N. A.
983440
An ASP.NET 2.0 hotfix rollup package is available for Windows 7 and for Windows Server 2008 R2
Request from CSS Yes Yes N.A.
977624
AD RMS clients do not authenticate federated identity providers in Windows Server 2008 or in Windows Vista. Without this update, Active Directory Rights Management Services (AD RMS) features may stop working
Request from CSS using the “View and request hotfix downloads” link in the KBA | US-English Select the download for Windows Vista for the x64 platform. N.A. N.A.
979917
Two issues occur when you deploy an ASP.NET 2.0-based application on a server that is running IIS 7.0 or IIS 7.5 in Integrated mode
Request from CSS using the Hotfix Request Web Submission Form or by phone (no charge) Yes N. A. N. A.
973136,
FIX: ArgumentNullException exception error message when a .NET Framework 2.0 SP2-based application tries to process a response with zero-length content to an asynchronous ASP.NET Web service request: “Value cannot be null”.
Microsoft Connect Windows6.0-KB973136-x64.msu N.A. N. A.
977592
RPC over HTTP clients cannot connect to the Windows Server 2008 RPC over HTTP servers that have RPC load balancing enabled.
Request from CSS Select the download for Windows Vista (x64) N.A. N. A.
979099
An update is available to remove the application manifest expiry feature from AD RMS clients.
Download Center N. A. Windows6.1-KB979099-x64.msu N. A.
982867

WCF services that are hosted by computers together with a NLB fail in .NET Framework 3.5 SP1

MSDN N. A. Windows6.1-KB982867-v2-x64.msu (Win7) X86: Windows6.1-KB982867-v2-x86.msu (Win7)
x64: Windows6.1-KB982867-v2-x64.msu (Win7)
977020
FIX: An application that is based on the Microsoft .NET Framework 2.0 Service Pack 2 and that invokes a Web service call asynchronously throws an exception on a computer that is running Windows 7.
Microsoft Connect N. A. N. A. x64: Windows6.1-KB977020-v2-x64.msu

X86: Windows6.1-KB977020-v2-x86.msu

Some of the hotfixes would have been rolled up in a Windows update or service pack. Given that the Exchange team released SP1 earlier than what was planned and announced earlier, it did not align with some of the work with the Windows platform. As a result, some hotfixes are available from MSDN/Connect, and some require that you request them online using the links in the corresponding KBs. All these updates may become available on the Download Center, and also through Windows Update.

These hotfixes have been tested extensively as part of Exchange 2010 SP1 deployments within Microsoft and by our TAP customers. They are fully supported by Microsoft.

The TechNet article Exchange 2010 Prerequisites is updated with the hotfixes and install the prerequisites required for your server version (the hotfixes are linked to in the above table).

You can use the Install the Windows Server 2008 SP2 operating system prerequisites on a Windows 2008 R2 server. Only you have to run the following powershell command: Import-Module ServerManager

Installed Exchange 2010 SP1 on a Windows 2008 R2 Server with problems. I feels that the MMC is faster. Tomorrow upgrading a DAG/NLB cluster to Exchange 2010 SP1.

Microsoft Exchange Server 2010 Service Pack 1 has been released

Microsoft has released Exchange SP1 Open-mouthed smile.

So What’s New in Exchange SP1:

New Deployment Functionality

During an Exchange 2010 SP1 installation, you can now select a new option to install the required Windows roles and features for each selected Exchange 2010 SP1 server role. For more information, see New Deployment Functionality in Exchange 2010 SP1.

Exchange ActiveSync

In Exchange 2010 SP1, you can manage Exchange ActiveSync devices using the Exchange Control Panel (ECP). Administrators can perform the following tasks:

  • Manage the default access level for all mobile phones and devices.
  • Set up e-mail alerts when a mobile phone or device is quarantined.
  • Personalize the message that users receive when their mobile phone or device is either recognized or quarantined.
  • Provide a list of quarantined mobile phones or devices.
  • Create and manage Exchange ActiveSync device access rules.
  • Allow or block a specific mobile phone or device for a specific user.

For every user, the administrator can perform the following tasks from the user’s property pages:

  • List the mobile phones or devices for a specific user.
  • Initiate remote wipes on mobile phones or devices.
  • Remove old mobile phone or device partnerships.
  • Create a rule for all users of a specific mobile phone or device or mobile phone type.
  • Allow or block a specific mobile phone or device for the specific user.

SMS Sync

SMS Sync is a new feature in Exchange ActiveSync that works with Windows Mobile 6.1 with the Outlook Mobile Update and with Windows Mobile 6.5. SMS Sync is the ability to synchronize messages between a mobile phone or device and an Exchange 2010 Inbox. When synchronizing a Windows Mobile phone with an Exchange 2010 mailbox, users can choose to synchronize their text messages in addition to their Inbox, Calendar, Contacts, Tasks, and Notes. When synchronizing text messages, users will be able to send and receive text messages from their Inbox. This feature is dependent on the user’s mobile phones or devices supporting this feature

Reset Virtual Directory

In Exchange 2010 SP1, you can use the new Reset Client Access Virtual Directory wizard to reset one or more Client Access server virtual directories. The new wizard makes it easier to reset a Client Access server virtual directory. One reason that you might want to reset a Client Access server virtual directory is to resolve an issue related to a damaged file on a virtual directory. In addition to resetting virtual directories, the wizard creates a log file that includes the settings for each virtual directory that you choose to reset. For more information, see Reset Client Access Virtual Directories.

Exchange Store and Mailbox Database Functionality

The following is a list of new store and mailbox database functionality in Exchange 2010 SP1:

  • With the New-MailboxRepairRequest cmdlet, you can detect and repair mailbox and database corruption issues.
  • Store limits were increased for administrative access.
  • The Database Log Growth Troubleshooter (Troubleshoot-DatabaseSpace.ps1) is a new script that allows you to control excessive log growth of mailbox databases.
  • Public Folders client permissions support was added to the Exchange Management Console (EMC).

Mailbox and Recipients Functionality

The following is a list of new mailbox and recipient functionality included in Exchange 2010 SP1:

  • Calendar Repair Assistant supports more scenarios than were available in Exchange 2010 RTM.
  • Mailbox Assistants are now all throttle-based (changed from time-based in Exchange 2010 RTM).
  • Internet calendar publishing allows users in your Exchange organization to share their Outlook calendars with a broad Internet audience.
  • Importing and exporting .pst files now uses the Mailbox Replication service and doesn’t require Outlook.
  • Hierarchical address book support allows you to create and configure your address lists and offline address books in a hierarchical view.
  • Distribution group naming policies allow you to configure string text that will be appended or prepended to a distribution group’s name when it’s created.
  • Soft-delete of mailboxes after move completion

High Availability and Site Resilience Functionality

The following is a list of new high availability and site resilience functionality included in Exchange 2010 SP1:

  • Continuous replication – block mode
  • Active mailbox database redistribution
  • Enhanced datacenter activation coordination mode support
  • New and enhanced management and monitoring scripts
  • Exchange Management Console user interface enhancements
  • Improvements in failover performance

Messaging Policy and Compliance Functionality

The following is a list of new messaging policy and compliance functionality included in Exchange 2010 SP1:

  • Provision personal archive on a different mailbox database
  • Import historical mailbox data to personal archive
  • Delegate access to personal archive
  • New retention policy user interface
  • Support for creating retention policy tags for Calendar and Tasks default folders
  • Opt-in personal tags
  • Multi-Mailbox Search preview
  • Annotations in Multi-Mailbox Search
  • Multi-Mailbox Search data de-duplication
  • WebReady Document Viewing of IRM-protected messages in Outlook Web App
  • IRM in Exchange ActiveSync for protocol-level IRM
  • IRM logging
  • Mailbox audit logging

Technet Exchange 2010 SP1 info
Release Notes for Exchange Server 2010 SP1
What’s New in Exchange 2010 SP1
Downloads:
Microsoft Exchange Server 2010 Service Pack 1
Microsoft Exchange Server 2010 SP1 Language Pack Bundle
Exchange Server 2010 SP1 UM Language Packs
Exchange Server 2010 SP1 Help

Exchange 2010 Autodiscovery Issues

Two weeks ago a build my first production Exchange 2010 cluster. The Exchange 2010 web services are causing a lot of issues to people, and my self not any more.

Well, let us first list the directories that are used in the Exchange web service:

EWS is used for OOF, Scheduling assistance and free+busy Lookup.
OAB provides offline address book download services for client.
Autodiscover is used to provide users with autodiscover service.
EAS provides ActiveSync services to Windows Mobile based devices.
OWA provides outlook web access for users.
ECP provides Exchange control panel feature for Exchange 2010 users only.

Issues that might be resolved using the troubleshooting steps here:

You cannot set the OOF using outlook client, you receive the server not available error.
You cannot view free/busy information for other users.
You cannot use scheduling assistance, also you might receive not free/busy information data retrieved.
You cannot download Offline Address book errors.
You cannot use autodiscover externally.
Certificate mismatch error in autodiscover, users prompted to trust certificate in outlook 2007/2010.

First let us start by settings the right virtual directory configuration required for Exchange 2010 to work correctly:
Configure External and Internal URLs for OWS, ref: http://technet.microsoft.com/en-us/library/bb310763.aspx

You have to configure the internal URL to be the server name. In case you have multiple cas/hub servers configured in a NLB then can use the nlb cluster name for the internal url. 
External URL will be the URL used by users to access webmail e.g. https://webmail.wardvissers.nl/owa 

Configure the autodiscover internal URL, ref: http://technet.microsoft.com/en-us/library/bb201695.aspx

You will use the powershell cmdlet : Set-ClientAccessServer –Identity <CAS Server Name> -AutoDiscoverServiceInternalUri: <Internal URL>, this FQDN must match the URL included in the certificate. If you have NLB cluster then you put the internal name here like nlbek10.wardvissers.local

If you cannot use autodiscover.wardvissers.nl internally (you have a domain name of domain.local and you must use it), you will get a certificate miss match error, you will have to include the internal name in the SAN certificate if you purchase an external SAN certificate. 

You cannot set autodiscover external URL since outlook will try to access https://autodiscover.wardvissers.nl/autodiscover/autodiscover.xml, this behavior is by design and cannot be changed.

Best Practice: Use SAN Certificates

Depending on how you configure the service names in your Exchange deployment, your Exchange server may require a certificate that can represent multiple domain names. Although a wildcard certificate, such as one for *.wardvissers.nl, can resolve this problem, many customers are uncomfortable with the security implications of maintaining a certificate that can be used for any sub-domain. A more secure alternative is to list each of the required domains as SANs in the certificate. By default, this approach is used when certificate requests are generated by Exchange.

Best Practice: Use the Exchange Certificate Wizard to Request Certificates

There are many services in Exchange that use certificates. A common error when requesting certificates is to make the request without including the correct set of service names. The certificate request wizard in the Exchange Management Console will help you include the correct list of names in the certificate request. The wizard lets you specify which services the certificate has to work with and, based on the services selected, includes the names that you must have in the certificate so that it can be used with those services. Run the certificate wizard when you’ve deployed your initial set of Exchange 2010 servers and determined which host names to use for the different services for your deployment.

Which Names you must include when you use a third party SAN certificate, ref http://technet.microsoft.com/en-us/library/dd351044.aspx:
External:
webmail.wardvissers.nl
autodiscover.wardvissers.nl
legacy.wardvissers.nl (If you migrating from 2003 to 2010)
Internal:
autodiscover.wardvissers.local
legacy.wardvissers.local
nlbek10.wardvissers.local(Internal NLB CAS/HUB Cluster)
casarray.wardvissers.local(I use this address for the casarray. It has the same ip as the nlbek10)

Vizioncore release free VMware Management Pack for OpsMgr

Vizioncore, a wholly owned subsidiary of Quest have released a free Management Pack for System Center Operations Manager 2007 R2 which enables the monitoring of VMware virtual infrastructures.  Now, before I get into the features and capabilities of what the MP gives you, it’s important to point out that this is the first free MP to deliver these capabilities, and may stir things up a little over at both Veeam and Bridgeways, who both have established MP’s for OpsMgr to enable monitoring of VMware environments.  It’s important to say, both Veeam and Bridgeways offer trails of their solutions, so it would be important to compare the different MP’s for yourselves, however looking at a high level, one of the key elements that Veeam seems to have today, is that it’s PRO-enabled, thus provides more automated, dynamic and agile responses within the environment based on changing conditions.  That’s not to say both Bridgeways and Vizioncore won’t evolve their technologies in the future, and bring in PRO capabilities, however today, you would have to classify it as a differentiator for Veeam.  One you have to pay for however.

ScreenshotVizioncore Logo

So, what are the key features of the Vizioncore MP?

  • Essential alerts from the virtual infrastructure to reduce mean time to resolution (MTTR) of problems
  • Integration to System Center Operations Manager to centralize and consolidate monitoring efforts
  • Low cost and simple to use while allowing administrators to work in their familiar System Center Operations Manager views
  • Native management pack delivers alert and event management as well as trending inside the SCOM console
  • Agentless architecture for simple deployment and low overhead
  • Performance monitoring & availability event monitoring for fast resolution in the virtual environment
  • Out-of-the-box reports for host and guest metrics provides flexibility and clear communication between stakeholders

There’s even more features here

What’s nice from my perspective, is the growth of the ecosystem around the Microsoft virtualisation platform, from Partners that have, in the past, been quite VMware focused.  That’s more Vizioncore than Quest, but still, it’s moving in the right direction.

If you’re interested, you can get all the info, and download the MP, from here.

Source

Reviewing Least Privilege Security for Windows 7, Vista and XP

I was recently approached to do a book review on “Least Privilege Security for Windows 7,Vista and XP by Russell Smith” published by Packt Publishing. I will review it soon. It show you how to configure your Windows environment so that your users can operate without administrator permissions.

Here is a list of the just some of technologies that this book talks about to achieve a Least Privilege Security:

  • Program Compatibility Wizard
  • Applications Compatibility Wizard
  • User Account Control
  • Group Policy Software Deployment
  • Internet Explorer Add-on Management
  • Troubleshooting Remote Users
  • Configuring Windows Firewall
  • Software Restrictions Policies and AppLocker
  • Microsoft Deployment Toolkit
  • CD Burning
  • ActiveX Controls
  • Changing system time and time zones
  • Power Management
  • Managing networks
  • Standard Users Analyzer
  • Applications Compatibility Toolkit
  • Logon Scripts
  • Remote Desktop Services
  • App-V
  • Med-V

I have read already some chapters. I think it is a great book to have on your collection.
You have always not enough time thinking about security. This book does it for you.

As a special offer Packt Publishing are also letting people download preview chapter of this book by download here Chapter No. 3 – Solving Least privilege Problems with the Application Compatibility Toolkit

clip_image001

MDT 2010 Importing automatically the right driver

Microsoft Deployment Toolkit 2010 has some nice improvements to handle drivers. I will describe how I like to manage drivers in MDT 2010.

Some time I wrote i article about how to get the Name & Model from a computer. This is very important when you want to import only the right drivers automatically.

First we have to build the ‘Out-of-Box Drivers’ folder structure and import drivers. I have subdirectories for each architecture, brand and model.  This is what my folder tree looks like:

MDT 2010 - Out-of-Box Drivers

However, you can build your own structure, as long as you respect the proper model & brand (make) name of the vendors.

Build Out-of-Box Drivers tree

To build up the folder structure you have to know the model name of your hardware. To retrieve the proper computer name execute at powershell command prompt: ‘Get-WmiObject -Class win32_computersystemproduct | fl Name,Model,UUID,Identifyingnumber,Vendor’, to get the exact name WMI queries to determine the computer model. In my case the computer name is “Latitude D830”.

Now that we have drivers imported in our Deployment Share, it’s time to move on.

1. DriverGroups

DriverGroups existed in MDT 2008 already, although the MDT Team added subdirectory support in MDT 2010.

At deployment phase MDT uses WMI to query the proper computer model and only the current model drivers will be injected. In order to get this working properly, you have to use the EXACT model name in your Out-of-Box Driver tree.

Inject the correct drivers in your Task Sequence

Add a new step in your Task Sequence to inject the correct drivers. MDT will query the computer name and inject the drivers which corresponds with the computer name from the Out-of-Box folder structure, right before applying the image at deployment.

MDT 2010 - Set Task Sequence Variable (Add Task) MDT 2010 - Set Task Sequence Variable (DriverGroup)

I use ‘DriverGroup_001’ as Task Sequence Variable, and Win7×64\%Make%\%Model% as value for my Windows 7 x64. You have to adapt this to your Out-of-Box tree.

MDT 2010 - Set Task Sequence Variable

As I use a DriverGroup I’ve disabled the ‘Inject Drivers’ task.

Customsettings.ini

As my Task Sequence handles everything, there isn’t anything needed here.

If you don’t like to use a new Task in your TS, you can add DriverGroup variables in customsettings.ini like this:

DriverGroup_001=%Make%\%Model%

DriverGroup_002=Printers

2. Selection Profiles

New in MDT 2010 are DriverSelectionProfiles. These are easy for new MDT admins, very straight forward and easy to use.

Overview:

MDT 2010 - Selection Profiles Overview

First you have to create a Profile (or use one of the default profiles):

MDT 2010 - Selection Profiles, select folders

You can even select Packages and Applications, use it for “bad drivers” aka driver setup packs.

Select what drivers you want to add to the profile;

MDT 2010 - Selection Profiles, add profile

After making the profiles you can use them in your Task Sequences. The default ‘Inject Drivers’ settings are on the left, the customized one on the right:

MDT 2010 - Selection Profiles, task sequence MDT 2010 - Selection Profiles, task sequence

You can add  Selection Profiles for drivers/packages or whatever you want. Just add an extra step in your task sequence like above.

Customsettings.ini

As with DriverGroups you can choose to handle the DriverSelectionProfile in customsettings.ini or in your TS.

Example:

DriverSelectionProfile=Dell Latitude D520 x64

VMware vSphere 4.1 Released

WHAT’S NEW:

Installation and Deployment

Storage

  • Boot from SAN. vSphere 4.1 enables ESXi boot from SAN (BFN). iSCSI, FCoE, and Fibre Channel boot are supported. Refer to the Hardware Compatibility Guide for the latest list of NICs and Converged Adapters that are supported with iSCSI boot. See the iSCSI SAN Configuration Guide and the Fibre Channel SAN Configuration Guide.
  • Hardware Acceleration with vStorage APIs for Array Integration (VAAI). ESX can offload specific storage operations to compliant storage hardware. With storage hardware assistance, ESX performs these operations faster and consumes less CPU, memory, and storage fabric bandwidth. See the ESX Configuration Guide and the ESXi Configuration Guide.
  • Storage Performance Statistics. vSphere 4.1 offers enhanced visibility into storage throughput and latency of hosts and virtual machines, and aids in troubleshooting storage performance issues. NFS statistics are now available in vCenter Server performance charts, as well as esxtop. New VMDK and datastore statistics are included. All statistics are available through the vSphere SDK. See the vSphere Datacenter Administration Guide.
  • Storage I/O Control. This feature provides quality-of-service capabilities for storage I/O in the form of I/O shares and limits that are enforced across all virtual machines accessing a datastore, regardless of which host they are running on. Using Storage I/O Control, vSphere administrators can ensure that the most important virtual machines get adequate I/O resources even in times of congestion. See the vSphere Resource Management Guide.
  • iSCSI Hardware Offloads. vSphere 4.1 enables 10Gb iSCSI hardware offloads (Broadcom 57711) and 1Gb iSCSI hardware offloads (Broadcom 5709). See the ESX Configuration Guide, the ESXi Configuration Guide, and the iSCSI SAN Configuration Guide.
  • NFS Performance Enhancements. Networking performance for NFS has been optimized to improve throughput and reduce CPU usage. See the ESX Configuration Guide and the ESXi Configuration Guide.

Network

Availability

  • Windows Failover Clustering with VMware HA. Clustered Virtual Machines that utilize Windows Failover Clustering/Microsoft Cluster Service are now fully supported in conjunction with VMware HA. See Setup for Failover Clustering and Microsoft Cluster Service.
  • VMware HA Scalability Improvements. VMware HA has the same limits for virtual machines per host, hosts per cluster, and virtual machines per cluster as vSphere. See Configuration Maximums for VMware vSphere 4.1 for details about the limitations for this release.
  • VMware HA Healthcheck and Operational Status. The VMware HA dashboard in the vSphere Client provides a new detailed window called Cluster Operational Status. This window displays more information about the current VMware HA operational status, including the specific status and errors for each host in the VMware HA cluster. See the vSphere Availability Guide.
  • VMware Fault Tolerance (FT) Enhancements. vSphere 4.1 introduces an FT-specific versioning-control mechanism that allows the Primary and Secondary VMs to run on FT-compatible hosts at different but compatible patch levels. vSphere 4.1 differentiates between events that are logged for a Primary VM and those that are logged for its Secondary VM, and reports why a host might not support FT. In addition, you can disable VMware HA when FT-enabled virtual machines are deployed in a cluster, allowing for cluster maintenance operations without turning off FT. See the vSphere Availability Guide.
  • DRS Interoperability for VMware HA and Fault Tolerance (FT). FT-enabled virtual machines can take advantage of DRS functionality for load balancing and initial placement. In addition, VMware HA and DRS are tightly integrated, which allows VMware HA to restart virtual machines in more situations. See the vSphere Availability Guide.
  • Enhanced Network Logging Performance. Fault Tolerance (FT) network logging performance allows improved throughput and reduced CPU usage. In addition, you can use vmxnet3 vNICs in FT-enabled virtual machines. See the vSphere Availability Guide.
  • Concurrent VMware Data Recovery Sessions. vSphere 4.1 provides the ability to concurrently manage multiple VMware Data Recovery appliances. See the VMware Data Recovery Administration Guide.
  • vStorage APIs for Data Protection (VADP) Enhancements. VADP now offers VSS quiescing support for Windows Server 2008 and Windows Server 2008 R2 servers. This enables application-consistent backup and restore operations for Windows Server 2008 and Windows Server 2008 R2 applications.

Management

  • vCLI Enhancements. vCLI adds options for SCSI, VAAI, network, and virtual machine control, including the ability to terminate an unresponsive virtual machine. In addition, vSphere 4.1 provides controls that allow you to log vCLI activity. See the vSphere Command-Line Interface Installation and Scripting Guide and the vSphere Command-Line Interface Reference.
  • Lockdown Mode Enhancements. VMware ESXi 4.1 lockdown mode allows the administrator to tightly restrict access to the ESXi Direct Console User Interface (DCUI) and Tech Support Mode (TSM). When lockdown mode is enabled, DCUI access is restricted to the root user, while access to Tech Support Mode is completely disabled for all users. With lockdown mode enabled, access to the host for management or monitoring using CIM is possible only through vCenter Server. Direct access to the host using the vSphere Client is not permitted. See the ESXi Configuration Guide.
  • Access Virtual Machine Serial Ports Over the Network. You can redirect virtual machine serial ports over a standard network link in vSphere 4.1. This enables solutions such as third-party virtual serial port concentrators for virtual machine serial console management or monitoring. See the vSphere Virtual Machine Administration Guide.
  • vCenter Converter Hyper-V Import. vCenter Converter allows users to point to a Hyper-V machine. Converter displays the virtual machines running on the Hyper-V system, and users can select a powered-off virtual machine to import to a VMware destination. See the vCenter Converter Installation and Administration Guide.
  • Enhancements to Host Profiles. You can use Host Profiles to roll out administrator password changes in vSphere 4.1. Enhancements also include improved Cisco Nexus 1000V support and PCI device ordering configuration. See the ESX Configuration Guide and the ESXi Configuration Guide.
  • Unattended Authentication in vSphere Management Assistant (vMA). vMA 4.1 offers improved authentication capability, including integration with Active Directory and commands to configure the connection. See VMware vSphere Management Assistant.
  • Updated Deployment Environment in vSphere Management Assistant (vMA). The updated deployment environment in vMA 4.1 is fully compatible with vMA 4.0. A significant change is the transition from RHEL to CentOS. See VMware vSphere Management Assistant.
  • vCenter Orchestrator 64-bit Support. vCenter Orchestrator 4.1 provides a client and server for 64-bit installations, with an optional 32-bit client. The performance of the Orchestrator server on 64-bit installations is greatly enhanced, as compared to running the server on a 32-bit machine. See the vCenter Orchestrator Installation and Configuration Guide.
  • Improved Support for Handling Recalled Patches in vCenter Update Manager. Update Manager 4.1 immediately sends critical notifications about recalled ESX and related patches. In addition, Update Manager prevents you from installing a recalled patch that you might have already downloaded. This feature also helps you identify hosts where recalled patches might already be installed. See the vCenter Update Manager Installation and Administration Guide.
  • License Reporting Manager. The License Reporting Manager provides a centralized interface for all license keys for vSphere 4.1 products in a virtual IT infrastructure and their respective usage. You can view and generate reports on license keys and usage for different time periods with the License Reporting Manager. A historical record of the utilization per license key is maintained in the vCenter Server database. See the vSphere Datacenter Administration Guide.
  • Power Management Improvements. ESX 4.1 takes advantage of deep sleep states to further reduce power consumption during idle periods. The vSphere Client has a simple user interface that allows you to choose one of four host power management policies. In addition, you can view the history of host power consumption and power cap information on the vSphere Client Performance tab on newer platforms with integrated power meters. See the vSphere Datacenter Administration Guide.

Platform Enhancements

  • Performance and Scalability Improvements. vSphere 4.1 includes numerous enhancements that increase performance and scalability.
    • vCenter Server 4.1 can support three times more virtual machines and hosts per system, as well as more concurrent instances of the vSphere Client and a larger number of virtual machines per cluster than vCenter Server 4.0. The scalability limits of Linked Mode, vMotion, and vNetwork Distributed Switch have also increased.
    • New optimizations have been implemented for AMD-V and Intel VT-x architectures, while memory utilization efficiency has been improved still further using Memory Compression. Storage enhancements have led to significant performance improvements in NFS environments. VDI operations, virtual machine provisioning and power operations, and vMotion have enhanced performance as well.

    See Configuration Maximums for VMware vSphere 4.1.

  • Reduced Overhead Memory. vSphere 4.1 reduces the amount of overhead memory required, especially when running large virtual machines on systems with CPUs that provide hardware MMU support (AMD RVI or Intel EPT).
  • DRS Virtual Machine Host Affinity Rules. DRS provides the ability to set constraints that restrict placement of a virtual machine to a subset of hosts in a cluster. This feature is useful for enforcing host-based ISV licensing models, as well as keeping sets of virtual machines on different racks or blade systems for availability reasons. See the vSphere Resource Management Guide.
  • Memory Compression. Compressed memory is a new level of the memory hierarchy, between RAM and disk. Slower than memory, but much faster than disk, compressed memory improves the performance of virtual machines when memory is under contention, because less virtual memory is swapped to disk. See the vSphere Resource Management Guide.
  • vMotion Enhancements. In vSphere 4.1, vMotion enhancements significantly reduce the overall time for host evacuations, with support for more simultaneous virtual machine migrations and faster individual virtual machine migrations. The result is a performance improvement of up to 8x for an individual virtual machine migration, and support for four to eight simultaneous vMotion migrations per host, depending on the vMotion network adapter (1GbE or 10GbE respectively). See the vSphere Datacenter Administration Guide.
  • ESX/ESXi Active Directory Integration. Integration with Microsoft Active Directory allows seamless user authentication for ESX/ESXi. You can maintain users and groups in Active Directory for centralized user management and you can assign privileges to users or groups on ESX/ESXi hosts. In vSphere 4.1, integration with Active Directory allows you to roll out permission rules to hosts by using Host Profiles. See the ESX Configuration Guide and the ESXi Configuration Guide.
  • Configuring USB Device Passthrough from an ESX/ESXi Host to a Virtual Machine. You can configure a virtual machine to use USB devices that are connected to an ESX/ESXi host where the virtual machine is running. The connection is maintained even if you migrate the virtual machine using vMotion. See the vSphere Virtual Machine Administration Guide.
  • Improvements in Enhanced vMotion Compatibility. vSphere 4.1 includes an AMD Opteron Gen. 3 (no 3DNow!™) EVC mode that prepares clusters for vMotion compatibility with future AMD processors. EVC also provides numerous usability improvements, including the display of EVC modes for virtual machines, more timely error detection, better error messages, and the reduced need to restart virtual machines. See the vSphere Datacenter Administration Guide.

Partner Ecosystem

  • vCenter Update Manager Support for Provisioning, Patching, and Upgrading EMC’s ESX PowerPath Module. vCenter Update Manager can provision, patch, and upgrade third-party modules that you can install on ESX, such as EMC’s PowerPath multipathing software. Using the capability of Update Manager to set policies using the Baseline construct and the comprehensive Compliance Dashboard, you can simplify provisioning, patching, and upgrade of the PowerPath module at scale. See the vCenter Update Manager Installation and Administration Guide.
  • User-configurable Number of Virtual CPUs per Virtual Socket. You can configure virtual machines to have multiple virtual CPUs reside in a single virtual socket, with each virtual CPU appearing to the guest operating system as a single core. Previously, virtual machines were restricted to having only one virtual CPU per virtual socket. See the vSphere Virtual Machine Administration Guide.
  • Expanded List of Supported Processors. The list of supported processors has been expanded for ESX 4.1. To determine which processors are compatible with this release, use the Hardware Compatibility Guide. Among the supported processors is the Intel Xeon 7500 Series processor, code-named Nehalem-EX (up to 8 sockets).

You can download VMware vSphere 4.1 HERE

Exchange 2007 SP3 is released

What’s New in SP3 for Exchange 2007


Windows Server 2008 R2 Support

Exchange Server 2007 SP3 supports all Exchange 2007 roles on the Windows Server 2008 R2 operating system.

Windows 7 Support

Exchange 2007 SP3 supports the installation of the Exchange 2007 management tools on a computer that is running Windows 7. Additionally, Exchange 2007 SP3 provides support for the installation of the Exchange 2007 Management Tools together with the Exchange Server 2010 Management Tools on the same Windows 7-based computer.

Improved Password Reset Functionality

Exchange 2007 SP3 introduces password reset functionality for Internet Information Services (IIS) 7.

To enable the password reset feature

  1. Log on to the Exchange server that is running the CAS role by using an account that has local administrator rights.

  2. Start Registry Editor, and then locate the following registry subkey:

    HLKM\SYSTEM\CurrentControlSet\Services\MSExchange OWA

  3. Create the following DWORD value if it does not already exist:

    Value name: ChangeExpiredPasswordEnabledValue type: REG_DWORDValue data: 1

  4. Exit Registry Editor.

 Updated Search Functionality

Exchange 2007 SP3 includes updates to the Exchange Search (MSSearch) component. MSSearch provides support for creating full text indexes for Exchange stores. Exchange 2007 SP3 updates the MSSearch binary files to MSSearch 3.1.

Schema Changes

Exchange 2007 SP3 includes Active Directory schema changes for certain Unified Messaging (UM) mailbox attributes. For more information, see Active Directory Schema Changes (SP3).

Support for Right-to-Left Disclaimer Text

Exchange 2007 SP3 includes support for Right-to-Left text in e-mail message disclaimers in a right-to-left language, such as Arabic. In earlier versions of Exchange, when you use a transport rule to create a disclaimer in a right-to-left language on an Exchange 2007 Hub Transport server, the text appears incorrectly when you view it from Outlook 2007.

Exchange 2007 SP3 adds functionality to the transport rule setting to fully support right-to-left text in disclaimers.

Download here SP3 for Exchange 2007

BitLocker Active Directory Recovery Password Viewer on Windows Server 2008 R2

You can find BitLocker Password Recovery tool on Windows Server 2008 R2 under Features. You can install the tool by opening Server Manager and under »Add Features« look for »Remote Server Administration Tools« »Feature Administration Tools«. Here select »BitLocker Diver Encryption Administration Utilities« and follow the wizard.

Once install process completes you can open Active Directory Users and Computers and right click on domain level. You should now see »Find BitLocker Recovery Password…«

Synchronize time with external NTP server on Windows Server 2008 R2

Time synchronization is an important aspect for all computers on the network. By default, the clients computers get their time from a Domain Controller and the Domain Controller gets his time from the domain’s PDC Operation Master. Therefore the PDC must synchronize his time from an external source. I the servers from the NTP Pool Project website. Before you begin, don’t forget to open the default UDP 123 port (in- and outbound) on your firewall.

  1. First, locate your PDC Server. Open the command prompt and type: C:\>netdom /query fsmo
  2. Log in to your PDC Server and open the command prompt.
  3. Stop the W32Time service: C:\>net stop w32time
  4. Configure the external time sources, type: C:\> w32tm /config /syncfromflags:manual /manualpeerlist: “0.vmware.pool.ntp.org
  5. , 1.vmware.pool.ntp.org,2.vmware.pool.ntp.org”
  6. Make your PDC a reliable time source for the clients. Type: C:\>w32tm /config /reliable:yes
  7. Start the w32time service: C:\>net start w32time
  8. The windows time service should begin synchronizing the time. You can check the external NTP servers in the time configuration by typing: C:\>w32tm /query /configuration
  9. Check the Event Viewer for any errors.
Translate »