Just to let you know Exchange 2010 SP1 Rollup 6 has been released

Here is the link to the rollup http://support.microsoft.com/?kbid=2608646

We had an issue recently when deploying ADFS 2.0 and claim based authentication for CRM 2011. Basically after 40 minutes we would get an error in CRM saying that we needed to re-authenticate.

This is due to “The lifetime of a default security token for a claims-based authentication deployment using AD FS 2.0 is 60 minutes. By default, Microsoft Dynamics CRM Server 2011 is configured to display the Authentication is Required dialog box 20 minutes before the token expires.”

To sort this we ran the following command on our ADFS server from PowerShell ( Please change setting in red to apply to your setup )

1. Add-PSSnapin Microsoft.Adfs.PowerShell
2. Get-ADFSRelyingPartyTrust -Name:"crmrelyingpartyname" | Set-ADFSRelyingPartyTrust -TokenLifetime 240

We had an issue recently when setting up CRM 2011 IFD up. The issue was that internally we were unable to access the CRM website as it kept throwing a Windows Authentication box prompt up from our ADFS server. Then we eventually we got a 401.1 error after failing to authenticate 3 times.

We checked all IIS setting and ADFS configuration on the ADFS server and all of it was fine.

The issue turned out to be Loopback checking.

“http://support.microsoft.com/kb/896861”

1. Click Start, click Run, type regedit, and then click OK.
2. In Registry Editor, locate and then click the following registry key: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa
3. Right-click Lsa, point to New, and then click DWORD Value.
4. Type DisableLoopbackCheck, and then press ENTER.
5. Right-click DisableLoopbackCheck, and then click Modify.
6. In the Value data box, type 1, and then click OK.
7. Quit Registry Editor, and then restart your computer.

As soon as we added this setting and rebooted server everything sprung into life and started working

We had a request come through which asked us to get all the users that were created after a certain date.

A good tool for this is the ADFind.exe which can be obtained from here:

http://www.joeware.net/freetools/tools/adfind/index.htm

Download and extract it to a folder, open a administrative command prompt, browse to the location that you extracted the file to and type in adfind.exe and press enter for basic help with the command.

After downloading and extracting the file I started to build my query by getting the first name and surname all of the users in a certain OU:

adfind -b ou="OU Name",DC=domain,DC=local -f "&(objectclass=user)" givenName sn

I then put in the date object that would only fetch out the users that were created after the 1st of March 2011:

adfind -b ou="OU Name",DC=domain,DC=local -f "&(objectclass=user)(whenCreated>=20110301000000.0Z)" givenName sn

You can simply change the date to what ever you need or change the greater than operand to less than. All we need do then is put it into a more readable format by exporting it to a csv which can be done running the following command:

adfind -csv -b ou="OU Name",DC=domain,DC=local -f "&(objectclass=user)(whenCreated>=20110301000000.0Z)" givenName sn >> file.csv

You can use any of the AD attributes to export, below is a quick run down of some of the ones that I have used, they are case sensitive:

mail = Primary Email Address

msRTCSIP-PrimaryUserAddress = Instant Messaging address (OCS or Lync)

ProxyAddresses = Any additional email addresses

In order to add an attribute to export for a user just add them to the end of the line before the >> with a space. For example an export of a users first name, surname and email address would look like this:

adfind -csv -b ou="OU Name",DC=domain,DC=local -f "&(objectclass=user)(whenCreated>=20110301000000.0Z)" givenName sn mail >> file.csv

Cheers

Paul

Windows event logging for Lync can be enabled/disabled via the registry by modifying the key below:

HKCU\Software\Microsoft\Communicator\EnableEventLogging

The default value is 0 which will not log Lync events in the Application log.

Set the value to 1 to enable Lync Windows event logging.

Just to let you know UAG SP1 Update 1  has been released

Here is the link to the update http://www.microsoft.com/download/en/details.aspx?id=27604&WT.mc_id=rss_alldownloads_all

The following functionality and feature improvements have been made (Referenced From the Above URL)

The following is provided by Forefront UAG Update 1:
• Lync web services publishing—Forefront UAG now supports publishing Lync web services
• Dynamics CRM 2011 publishing—Forefront UAG now supports publishing Dynamics CRM 2011
• SharePoint 2010 with Office Web Apps—Forefront UAG now supports publishing SharePoint 2010 with Office Web Apps
• Improved browser support—Forefront UAG now supports more web browsers than in previous releases

We have noticed one minor issue with the update setting the UAG DNS64 service to manual as referenced here http://support.risualblogs.com/blog/2011/10/17/uag-sp1-update-1-issue/

Here is a PowerShell command that can be used to fetch the mailbox sizes that are over a certain amount of total item size:

get-mailbox | Get-MailboxStatistics | where {$_.TotalItemSize -ge 600MB}

The script above can be simply amended to the amount of MB or GB in size that you want to find out. So, for example, if you change the value after –ge (greater or equal to) to 6GB then it will search for all mailboxes that are equal to or greater than 6GB in size.

It could be particularly useful for anyone looking to implement database limits to find out if there are any users that would be affected.

Cheers

Paul 

You may across  Event ID 1022, Error 1245 in the application log of an Exchange 2007 mailbox server. The event can appear frequently and references a mailbox within the description, see the example below:

Solution:

The 1245 error indicates that the mailbox referenced has exceeded the storage limit/quota configured on the mailbox database. To stop the errors occurring, clear down items in the referenced mailbox or re-configure your storage limits on the database:

We recent installed Update 1 onto our SP1 UAG server , after the install all clients connecting over direct access suddenly broke.

We had a look at the Web Monitor on the UAG server and looked under Current Status in the Direct Access Monitor section. We noticed that DNS64 had a cross through it.

We then checked to see if the service was started and it looks like the update had set the “Microsoft Forefront UAG DNS64 Service” to manual. So we changed this back to Automatic and started the service.

After that change all started working again

If like many people have done, you have downloaded and installed the developer preview of the new Windows 8 operating system:

http://msdn.microsoft.com/en-us/windows/apps/br229516

You may have been confronted by the new Metro user interface:

Microsoft has released this as an initial version in order to get feedback on improvements for the final version. A few of our users do not like the new interface and are longing for the original start menu of Windows Vista and 7.

The user interface can be easily disabled using a registry hack as below:

1. Load up Regedit

2. Browse to HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer

3. Change RPEnabled to 0

Once you have changed the registry key, load up the Start Menu and you will be back to a more familiar Windows 7 layout for the start menu:

To change it back simply set the value of RPEnabled back to 1. You may be required to log off and back on again for the change to take affect.

Hope this helps.

Paul