It’s a busy week at the office this week as I’m at a 3 day event on Exchange2010 training as part of Microsoft’s Ignite sessions. You do need to be a Microsoft Partner to register for the Exchange 2010 training (if there are any further events going on – I’m not sure) but if you are going to be using or supporting Exchange2010 then I highly recommend it. So far it seems to be very similar to the Exchange admin training courses you would normally attend, but at a fraction of the cost. It’s a level 300 course so pretty technical – by about 4pm on the first day my mind was starting to get a bit confused – there was a lot of theory today and you certainly need to have some familiarity with previous versions of exchange.
The neat thing was that we’ve just recently moved to Exchange2010 in-house, so I was able to check some of the features that I didn’t already know about on our live client (outlook or outlook web app) as we progressed through the training.
We’re using Windows2008 machines running Hyper-V with 8gb of memory which means some creative juggling of memory and sometimes the machines are slow, but it really is the only way to do the training. At some points we have 4 machines running – this would have been almost impossible before virtualization was around to reduce the hardware requirements for enterprise lab environments. This course is also the first one I’ve been to that has some users in the local office and some using gotomeeting to attend the training over the internet. So far I think the arrangement has worked well for the internet users although I feel sorry for the person in Washington who has to start work at 6am due to the time zones. I was surprised that they were not using LiveMeeting to host the training (as this is a Microsoft event) but apparently the screen updates were not fast enough for the remote users.
I’ll be posting a few links on my twitter account – helsbyhome, and my absoblogginlutely delicious account as the course progresses. Mostly these are links for extra tools, utilities or downloads to assist in the management and implementation of Exchange2010.
Yes I deliberately posted the date this way as that is how the shortsighted programmers at Symantec did it. Needless to say, when the year rolled around to 00101 this is a lot less than 91231 so the definitions were treated as old. It scares me to see that this bug managed to get into the product – did they not learn anything from the Y2K issues?
To make matters worse we found some servers were continually downloading definitions onto the server and in one case filled up 73gb of disk space. The fix for this is to ensure that the endpoint protection manager software is running 11.0.5 – this is a new download and upgrade installation although for one of our clients it meant uninstalling and reinstalling every single pc at that location – not an upgrade at all.
To top it all, Symantec also decided this week to announce the end of life for the v10 of their products – the only version that was actually working with correct definition dates. Although end of life is in 2012, support should really have coordinated with sales to ensure that the notice didn’t go out *this* week.
I think I still have a few servers that haven’t updated, so I will be checking those out next week. If we continue to use Symantec (which I really do not want to do), I’m hoping to look at an MSP installation of the product – one server managing all the clients so I only have one place to check for client status (and only one server to install, patch and configure).
Most of our Symantec Endpoint Protection clients are alerting that the definition dates are old (we reduce the alert time to less than the default 30 days). These alerts are coming in through the desktop client and also through both of our monitoring systems. Apparently Symantec are aware of the issue (see “The date of the definitions in Symantec Endpoint Protection clients and Symantec Endpoint Protection Manager remain at Dec 31 2009”) and their definitions cannot have a date in 2010. Therefore their workaround is to push out new updates with a date of December 31st 2009 and they are just increasing the version number until engineering come up with a patch to fix the issue of not accepting dates in 2010.
I sure hope that their update plan works better than our most recent upgrade that meant we had to reinstall the client by hand at every desktop. None of the upgrade processes would work.
I had the misfortune today to have to go through the torturous process known as the Peachtree install. Having turned off my AV and turned on my firewall so the installation can poke holes through the firewall, the installation actually went fairly smoothly on the server. 2 hours later though I’m still struggling to install the first client.
The initial installation got all the way through to the end and then gave me an error 1327 which is something to do with installshield and redirected folders. (It’s actually because I launched the setup program using runas, but the program checks for the logged-in user’s data location which the setup program does not have access to).
The next installation, logged on as an administrator, almost finished with the status bar filled to the end but the “Peachtree Accounting is performing the requestion operations” had a blank section underneath. Checking the eventlog and temp file locations showed me nothing was actually happening.
After rebooting the machine, the installation would not run again as the product was already installed although no shortcuts had been added to the menus anywhere and the software wasn’t in add/remove programs like the install alert said it would be. I ran the Microsoft install cleanup program to remove the software and then started the install again.
This time the software said it was still installed, but going back to the setup splash screen the modify/remove option said the software was not installed.
I called Peachtree and thankfully they answered the phone pretty quickly – the solution is to exit the install program, delete c:\windows\peachinst directory and also the c:\windows\ptx*.ini files.
Note that this worked in my case, it may be specific to Peachtree Quantum and I would recommend you take a backup before deleting files.
I’m not a Peachtree expert by any means so I can’t guarantee this process is safe to do (but worked for me).
The Zero downtime migration strategies for Microsoft Networks book by Karl and Manuel Palachuk has arrived in the post this morning. An expensive book but I’m hoping this will reduce the number of weekends I have to work. Even if the book saves me 5-6 hours once, it will be well worth it.
590 pages to read, full of checklists and stuff – I’m looking forward to going through this. Unfortunately it came 5 days late for last weekend’s migration.
I’ll be writing a review later when I get a chance to start reading on it.
Due to a variety of reasons, it is not currently possible to upgrade our work laptops to Windows7 – we’re skipping Vista and want to be ready for Windows7 when it is released in the near future. As an alternative to using Windows7 as the main host OS I was thinking about dual booting the laptops to the different OS’s but that would mean some messy editing of disk partitions.
However, watching the Microsoft Edge demonstration of installing Windows7 to a VHD and then booting from that I got my hopes up. Unfortunately we use Truecrypt to encrypt our hard disks, and as the video demonstrates, you have to boot from the Windows7DVD which of course is not going to support TrueCrypt enabled drives.
My next thought was to temporarily decrypt the drive, install and then encrypt the drive with Truecrypt again – I think this will work but I was planning on storing the VHD file on a usb drive (for portability and the fact that my laptop hard drive is always full) but it looks like this won’t work according to Scott Hanselman’s post where he talks about doing something similar. So I guess I’ll have to wait until I can get a large hard drive for the laptop 🙁
I discovered that Sprint have finally released the 4.5 version of firmware for the blackberry 8330 that will work with a BES server. I took the plunge to upgrade my device (as I *really* want the html email functionality). The upgrade went fairly smoothly apart from the following gotchas.
After the reboot, my theme was set back to a different one than what I normally use. No big deal but surprising this was the case.
My Cacheberry software lost the database and registration details – again no big deal as I can reload the gpx into Cacheberry and I have the registration details saved.
Blackbird, my twitter client, lost its settings so I had to re-enter the username and password again. Again, no real problem.
The biggest thing was that the device lost its ability to synchronise with our corporate server – so no incoming or outgoing email – oops! This is a big deal as my blackberry is used primarily for corporate email AND I had to go and get my BES manager to reactivate the phone for me.
Unfortunately I don’t have html email or the ability to view other people’s calendars yet as both these features look like they need the blackberry server upgrading to a new version – something I’ve requested we look at doing, especially as this will make us a lot more effective.
I did like the fact that one of the new applications is voicerecorder – functionality I miss from our old phones as I was able to record timekeeping notes on the phone as I left a client site ready for updating back at the office. Now this functionality is in the phone and you can quickly and easily send the recorded memo via email. It saves it in amr format (for some weird reason) so you will probably need quicktime or another program to play the recorded message if you don’t listen to it on the blackberry.
I also now have the ability to send/receive mms messages – I’m much more likely to receive them as this phone doesn’t have a camera but as everyone else in the office also has the same phone it’s unlikely that I’ll ever use this functionality.
One really cool feature is the web browser – finally we have a real mouse cursor that moves around the web – much easier to navigate and as it has a flash player I can also watch youtube videos now.
As far as the memory is concerned, I did find that not going into google maps, gmail or cacheberry seemed to keep my available memory free so I’ll be running more tests to see which application is leaking memory. I do now have 10mb free on the device (but that is probably because I have an empty cacheberry database at the moment)
Overall, a great upgrade – I’m looking forward to the enterprise server to be upgraded and then I’ll really be able to be more efficient with work emails and checking what everyone else is scheduled to be doing at the office.
For more details on the upgrade check the v 4.5 Blackberry release notes.
Overnight several of the .net patches were pushed out to workstations and now when Dynamics SL is run I get the following error. “Microsoft Dynamics SL has encountered a problem and needs to close. We are sorry for the inconvenience”
Looking in the event log or the details I see a .net Runtime 2.0 error, Event 5000. Description EventType clr20r3, P1 msdynamicssl.exe, P2 18.104.22.168, P3 4889f859, P4 solomon.kernel, P5 22.214.171.124, P6 4649b3d9,P7 1b4, P8 0, P9 system.accessviolationexception, P10 NIL
This is then followed by id 5001, Description “Bucket 300554837, bucket table 5, EventType clr20r3, P1 msdynamicssl.exe, P2 126.96.36.199, P3 4889f859, P4 solomon.kernel, P5 188.8.131.52, P6 4649b3d9,P7 1b4, P8 0, P9 system.accessviolationexception, P10 NIL”
The cause of this was actually the installation of a .NET Framework 3 patch.
The sorry saga of trying to fix this solution is documented at the dynamics forum but this is a known issue and the patch is available through Customersource or PartnerSource if you have access to this. Alternatively call Microsoft hotfix line on 1 888 456 5570 and request the Dynamics SL hotfix 961802. There is no charge for this hotfix. Install on your workstation and you should be good to go.
However if you have tried to fix this issue by editing your .NET framework settings then I recommend totally removing .net from the computer, reinstalling v2 and the service pack. There is a really good tool for removing .NET framework from Aaron Stebner which works a treat.
So I’ve spent ages troubleshooting and debugging Symantec’s Endpoint Protection (SEP) version 11, MR4 – the first version that actually has a hope of working on a 64bit platform. After spending far too long configuring the various policies and tweaking various settings I was finally able to get the software installed via group policy on a testlab machine but the client would not checkin with the management server. The virus definitions were 4 months old BUT the client console was saying everything was ok. Lots of troubleshooting later and I stumbled across the definitions for the Management server – a setting that I had originally wanted to change anyway. In there I saw that the management server was listening on port 8014 and a quick telnet check from the client showed I was unable to connect. Disabling windows firewall (temporarily – this is on a testlab so the infection risk is minimal) allowed the client to check in with the server, change some settings in the console and update the virus definition dates. Finally I re-enabled the firewall, added an exception for TCP port 8014 and it all looks good, but I’ll wait to see what happens overnight for definition updates on the client. For future reference the list of communications ports for version 11 can be found at Symantec’s website here or posted below in the extended entry.
After a recent migration of mail to Exchange2007, we’ve just started getting users logging tickets where a security window pops up saying “The name of the security certificate is invalid or does not match the name of the site”. This can happen even when the client is not at their desk. It took a few seconds to work out what was causing it – the clue was that the window had an icon in the taskbar for outlook. Searching in Google found Microsoft’s KB article 940726 with the resolution to the fix which involves changing various internal url attributes.
The instructions are fairly straightforward but I wanted to see what the values were set to before making the change. As I’m not very familiar with powershell it took me a while to work out what I needed.
For the command
Set-ClientAccessServer -Identity Servername -AutodiscoverServiceInternalUri https://name.contoso.com/autodiscover/autodiscover.xml
you want to run the command
Get-ClientAccessServer -Identity Servername | fl
The pipe fl provides all the values in a list – if you don’t include this part of the code you will end up with one line containing the name of the server – a value that you hopefully know already!
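As an added example (not part of the original post or of Microsoft's KB article), the same "look before you change" step can be scripted so that the current values are saved to a file and the Autodiscover host name is compared with the names on the server's IIS certificate. It assumes it is run in the Exchange Management Shell on the Client Access server itself; `Servername` is the post's placeholder, and the output file name and the `Test-CertName` helper are hypothetical.

```powershell
# Added example: record the current settings, then check whether the host name in
# AutodiscoverServiceInternalUri is covered by the certificate bound to IIS.
$server = 'Servername'                      # placeholder from the post
$before = Get-ClientAccessServer -Identity $server

# 1. Save every current value so the change can be reverted later.
$backup = Join-Path $env:TEMP "cas-before-$server.txt"   # hypothetical file name
$before | Format-List | Out-File $backup

# 2. Host name that internal Outlook clients are directed to for Autodiscover.
if (-not $before.AutoDiscoverServiceInternalUri) {
    Write-Warning "No AutodiscoverServiceInternalUri is set on $server"
    return
}
$uriHost = $before.AutoDiscoverServiceInternalUri.Host

# Helper (hypothetical): exact match, or a wildcard covering one left-most label.
function Test-CertName([string]$HostName, [string]$CertName) {
    if ($CertName.StartsWith('*.')) {
        $dot = $HostName.IndexOf('.')
        return ($dot -gt 0) -and ($HostName.Substring($dot) -ieq $CertName.Substring(1))
    }
    return $HostName -ieq $CertName
}

# 3. Compare against each local certificate that is enabled for IIS.
$certs = Get-ExchangeCertificate | Where-Object { $_.Services -match 'IIS' }
foreach ($cert in $certs) {
    $covered = $false
    foreach ($name in $cert.CertificateDomains) {
        if (Test-CertName $uriHost "$name") { $covered = $true }
    }
    "{0}  expires {1:d}  covers '{2}': {3}" -f `
        $cert.Thumbprint, $cert.NotAfter, $uriHost, $covered
}
```

A result of `False` for the IIS certificate means Outlook is being sent to a name the certificate does not list, which is the condition the security warning describes; running the script again after the `Set-ClientAccessServer` change shows whether the new URL is covered.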
I really need to get cracking on my powershell skills – I still prefer good old fashioned dos batch programming but now that we’ve started to roll out powershell across all machines, powershell skills will be in demand more and more.