Exchange 2013 Health Check Monitors and Journaling

Thursday, December 6, 2012
Exchange 2013 includes built-in health monitors that monitor the health of system resources.  Microsoft calls this new process "Managed Availability".

The Exchange 2013 Server Health and Performance topic on TechNet says,
"Exchange 2013 introduces the concept of managed availability. Managed availability runs on every Exchange 2013 server. It's made up of two processes, the Exchange Health Manager Service (MSExchangeHMHost.exe) and the Exchange Health Manager Worker process (MSExchangeHMWorker.exe), and the following asynchronous components:
  • Probe engine   The probe engine takes measurements on the server.
  • Monitoring probe engine   The monitoring probe engine stores the business logic about what constitutes a healthy state. It functions like a pattern recognition engine, looking for patterns and measurements that differ from a healthy state, and then evaluating whether a component or feature is unhealthy.
  • Responder engine   When the responder engine is alerted about an unhealthy component, its first action is to try to recover that component. Managed availability enables multi-stage recovery actions. The first attempt may be to restart the application pool, the second attempt may be to restart the corresponding service, and the third attempt may be to restart the server. And, the final attempt may be to put the server offline, so that it no longer accepts traffic. If all of these actions fail, an alert is sent to the help desk."
When you install Exchange 2013 it automatically creates several HealthMailbox<guid> objects in Active Directory that the managed availability service uses.  Two health mailboxes are created for each mailbox database: one for mailboxes and one for Public Folders (if deployed).  These hidden mailbox objects can be viewed from EMS by running the following command:
Get-Mailbox -Monitoring
Exchange 2013 managed availability uses these HealthMailbox<guid> objects to send emails through Exchange to verify mail flow every 5 minutes.  This causes problems if you're doing organization-wide journaling in the RTM version of Exchange 2013.  The org-wide Journal Rule will journal all these health probe emails, polluting the journal with thousands of useless messages.

Examples of these journaled health monitor messages are:

Sender: HealthMailboxac09e6fd942f4b40aba364cf2bf34e6b@contoso.com
Subject: MBTSubmission/StoreDriverSubmission/00000047-0000-0000-0000-0000b7145037-MapiSubmitLAMProbe
Message-Id: <2f33c299d6594de9b2ade02dee24e0c9@EX1.contoso.com>
To: HealthMailboxac09e6fd942f4b40aba364cf2bf34e6b@contoso.com

Sender: HealthMailboxc8a6d67ca286431abdf771e24a58093e@contoso.com
Subject: Client submission probe
Message-Id: <70701396-16e9-49ed-9888-11e39257d03e@EX1.contoso.com>
Bcc: HealthMailboxc8a6d67ca286431abdf771e24a58093e@contoso.com

Sender: inboundproxy@inboundproxy.com
Subject: Inbound proxy probe
Message-Id: <20d4e3a7-34a4-4b59-9773-9e1b51328b5a@EX1.contoso.com>
Recipient: HealthMailboxc8a6d67ca286431abdf771e24a58093e@contoso.com

Exchange 2013 Journal Mailbox filled with HealthMailbox* reports

This issue is supposed to be fixed in the first half of 2013, but if you can't wait that long (who could blame you), here's a workaround:
  • Add "Ignore" as the value of the ExtensionCustomAttribute1 attribute on each HealthMailbox* object in Active Directory using the following command from the Exchange Management Shell:
Get-Mailbox -Monitoring | Set-Mailbox -ExtensionCustomAttribute1 'Ignore'
  • Use the Exchange Management Shell to create a new Dynamic Distribution Group using the following two commands:
New-DynamicDistributionGroup -Name 'Journaled Users' -Alias JournaledUsers -RecipientFilter {((((ExtensionCustomAttribute1 -ne 'Ignore') -and (RecipientType -eq 'UserMailbox'))) -and (-not(Name -like 'SystemMailbox{*')) -and (-not(Name -like 'CAS_{*')) -and (-not(RecipientTypeDetailsValue -eq 'MailboxPlan')) -and (-not(RecipientTypeDetailsValue -eq 'DiscoveryMailbox')) -and (-not(RecipientTypeDetailsValue -eq 'PublicFolderMailbox')) -and (-not(RecipientTypeDetailsValue -eq 'ArbitrationMailbox')))}
Set-DynamicDistributionGroup -Identity 'Journaled Users' -HiddenFromAddressListsEnabled $true
  • The commands above create an Exchange Dynamic Distribution Group called Journaled Users that contains all email enabled objects where the ExtensionCustomAttribute1 doesn't equal Ignore.  It then hides the Dynamic Distribution Group from the Exchange address lists.  Note that users will not see this DDG in the list of groups they are members of.
  • Create a new journal mailbox to hold the journal reports and hide it from Exchange address lists.  In this example, I call it Journal Mailbox.
  • Lastly, create a new Journal Rule called Journal All that journals all email for the Journaled Users DDG to the journal mailbox, using the following command from EMS:
New-JournalRule -Name 'Journal All' -JournalEmailAddress 'journalmailbox@domain.com' -Scope 'Global' -Enabled $true -Recipient 'JournaledUsers@domain.com'
It's important that you don't update the Dynamic Distribution Group using the Exchange Management Console.  Doing so will update the DDG to a "precanned" RecipientFilter and the HealthMailbox* mailboxes will be journaled.
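Because an EMC edit silently swaps the custom filter for a precanned one, it is worth checking the DDG after the fact. The following script is an added example, not part of the original post: it expands the group's RecipientFilter with Get-Recipient, compares the result against Get-Mailbox -Monitoring, and reports the filter type. It assumes an Exchange 2013 Management Shell session and the group name 'Journaled Users' used above.

```powershell
# Added example (not from the original post). Checks that the 'Journaled Users' DDG
# still excludes every monitoring mailbox and that its filter has not been replaced
# by a precanned filter through the EMC. Run from the Exchange 2013 EMS.
function Test-JournaledUsersFilter {
    param([string] $GroupName = 'Journaled Users')

    $ddg = Get-DynamicDistributionGroup -Identity $GroupName

    # Expand the filter to the recipients it matches right now.
    $members = @(Get-Recipient -RecipientPreviewFilter $ddg.RecipientFilter -ResultSize Unlimited)

    # Addresses of the HealthMailbox* objects; none of them should appear in $members.
    $health = @(Get-Mailbox -Monitoring | ForEach-Object { $_.PrimarySmtpAddress.ToString() })
    $leaked = @($members |
                Where-Object { $health -contains $_.PrimarySmtpAddress.ToString() } |
                ForEach-Object { $_.PrimarySmtpAddress.ToString() })

    [pscustomobject]@{
        Group           = $GroupName
        FilterType      = $ddg.RecipientFilterType   # 'Custom' is expected; 'Precanned' means the EMC rewrote it
        MemberCount     = $members.Count
        HealthMailboxes = $health.Count
        Leaked          = $leaked
    }
}

$result = Test-JournaledUsersFilter
$result | Format-List

if ($result.FilterType -ne 'Custom') {
    Write-Warning "$($result.Group) no longer has a custom RecipientFilter; re-create it from EMS."
}
if ($result.Leaked.Count -gt 0) {
    Write-Warning "Monitoring mailboxes that would be journaled: $($result.Leaked -join ', ')"
}
```

Run it right after creating the group, and again whenever someone has touched the DDG in the console; an empty Leaked list and FilterType of Custom means the journal mailbox will stay clean.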

Update 5/29/2013 - I have confirmed this is still an issue with Exchange 2013 RTM CU1.
Update 8/1/2013 - Still an issue with Exchange 2013 RTM CU2-V2.  Microsoft released the following KB article describing how to use the new Add-GlobalMonitoringOverride cmdlet to work around the problem.  See Managed Availability messages are journaled in Exchange Server 2013 (http://support.microsoft.com/kb/2823959).  I expect this will be the way to address this issue going forward.
 


Script to Force Download of the Lync 2013 Address Book

Tuesday, December 4, 2012
In a previous article I wrote a script that forces Lync 2010 clients to update the Lync Server 2010 address book.

The Lync 2013 client not only changes the location where the address book is stored on the local machine, but changes the address book file name for Lync Server 2013, as well.

The script below sets the GALDownloadInitialDelay key in the registry to force the Lync client to download the address book immediately after signing in.  It then enumerates all the SIP_* sub-folders in the C:\Users\%username%\AppData\Local\Microsoft\Office\15.0\Lync folder and deletes the ABS__sipdomain.cache file which makes up the local Lync 2013 address book and the GAL*.* files that make up the local Lync 2010 address book.

@echo off
echo.
rem Check if Lync is running, exit if it is...
tasklist /fi "IMAGENAME eq lync.exe" | find "lync.exe" >nul
If %errorlevel%==0 goto LyncIsRunningError
rem Add x86 GALDownloadInitialDelay registry entry
reg add HKCU\Software\Policies\Microsoft\Communicator /v GALDownloadInitialDelay /t REG_DWORD /d 0 /f >nul
If %errorlevel%==1 goto ElevationError
rem Add WOW64 GALDownloadInitialDelay registry entry if x64
If %PROCESSOR_ARCHITECTURE%==AMD64 reg add HKCU\Software\Wow6432Node\Policies\Microsoft\Communicator /v GALDownloadInitialDelay /t REG_DWORD /d 0 /f >nul
If "%LOCALAPPDATA%"=="" Set LOCALAPPDATA=%USERPROFILE%\Local Settings\Application Data
dir "%LOCALAPPDATA%\Microsoft\Office\15.0\Lync\sip_*" /b > list.txt
FOR /F "tokens=1" %%i in (list.txt) do (
rem Delete the Lync Server 2010 address book...
If Exist "%LOCALAPPDATA%\Microsoft\Office\15.0\Lync\%%i\gal*.*" del "%LOCALAPPDATA%\Microsoft\Office\15.0\Lync\%%i\gal*.*"
rem Delete the Lync Server 2013 address book...
If Exist "%LOCALAPPDATA%\Microsoft\Office\15.0\Lync\%%i\abs*.cache" del "%LOCALAPPDATA%\Microsoft\Office\15.0\Lync\%%i\abs*.cache"
)
del list.txt
echo Clearing Lync 2013 Address Books...  Done!
echo.
echo Sign back into Lync 2013 to download the current address book.
goto End
:ElevationError
echo ERROR: You must run this command from an elevated Command Prompt.
echo.
goto End
:LyncIsRunningError
echo ERROR: You must exit Lync 2013 before running this command. Right-click the Lync icon and choose Exit.
echo.
:End
Save the script above as UpdateLync2013AddressBook.bat.  Exit out of the Lync client and run the script from an elevated Command Prompt. Then sign back into Lync and the address book will download immediately.

Output from UpdateLync2013AddressBook.bat


Working with Hi-Res Photos in Exchange 2013 and Lync 2013

Saturday, December 1, 2012
Exchange 2013 and Lync 2013 now have the ability to use high-resolution photos, both so users can view photos of their contacts and so they can make their own photos available to others.  Previously, these photos were stored in the user's thumbnailPhoto attribute in Active Directory.  The recommended resolution for photos stored in the thumbnailPhoto attribute is 96 pixels by 96 pixels.  In addition, the thumbnailPhoto attribute has a physical limit of 10KB.

Lync 2013 now features a larger contact photo for meeting participants.  It scales those small 96x96 pixel thumbnailPhotos up to 278x278 pixels, which results in a blurry, but still usable, photo.

96x96 pixel photo displayed in Lync 2013
The new high-res photos used by the Wave 15 products (Exchange 2013, Lync 2013, SharePoint 2013, and Office 2013) are now stored in the user's Exchange 2013 mailbox and are accessed using Exchange Web Services (EWS).  This makes a lot of sense since Exchange is installed in almost all of these environments.  Lync 2013 now allows for photo sizes up to 648 pixels by 648 pixels - a 700% improvement!  Just look at that handsome devil!

648x648 pixel photo displayed in Lync 2013
The following script sample can be used to store a 648 by 648 pixel photo in Ken Myer's Exchange 2013 mailbox:

$photo = ([Byte[]] $(Get-Content -Path "C:\Photos\Ken Myer.jpg" -Encoding Byte -ReadCount 0))
Set-UserPhoto -Identity kenmyer -PictureData $photo -Confirm:$False
Set-UserPhoto -Identity kenmyer -Save -Confirm:$False

Exchange 2013 automatically scales this 648x648 photo for various applications. The following examples show the same hi-res photo in Office 2013 and Lync 2013 scaled to different sizes.

Outlook 2013 contact view
My Picture option in Lync 2013
Notice in the Lync 2013 example above that there's a button to allow users to edit or remove their picture.  That button only lights up in Lync 2013 if the user's mailbox is hosted on an Exchange 2013 server.  There is no "self-service" way to upload pictures with Exchange 2010, although it can be done from SharePoint 2010.

But before you go updating all the photos of employees in your company with new hi-res photos, you should know a few things about backward compatibility.  The Set-UserPhoto cmdlet, which only exists in Exchange 2013 and is used in the script above, not only stores the hi-res photo in the user's mailbox, it also stores a 48x48 pixel version in the thumbnailPhoto AD attribute.  That's half the resolution of the 96x96 recommended size and results in a terrible photo for users on Exchange 2010.

48x48 pixel thumbnailPhoto displayed in Lync 2013
It's interesting to note that Exchange 2010 users always use the 48x48 thumbnailPhoto attribute in AD.  Lync 2013 won't look for a hi-res photo in the Exchange 2013 user's mailbox if the Lync 2013 user is on Exchange 2010.  This gives a less than optimal view for the Exchange 2010 Lync user:


This is really only an issue for customers in a migration scenario, but it's worth noting.  The point is that after you update Exchange 2013 mailbox users with hi-res photos, you may still want to re-update those users' thumbnailPhoto attributes with better 96x96 pixel photos when you're done.
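The two-step process described above (upload the hi-res photo, then put a proper 96x96 thumbnail back into AD) can be done in one pass. The script below is an added example, not the post's own script: it assumes the Exchange 2013 Management Shell with the ActiveDirectory module loaded (Set-ADUser), and that you already have a 648x648 JPEG and a 96x96 JPEG per user. The file paths and user list are placeholders.

```powershell
# Added example (not from the original post). Stores the hi-res photo in the Exchange 2013
# mailbox, then overwrites the 48x48 thumbnailPhoto that Set-UserPhoto leaves behind with a
# 96x96 version for Exchange 2010 users and other AD consumers.
# Assumes: Exchange 2013 EMS plus the ActiveDirectory module; paths below are placeholders.
Import-Module ActiveDirectory

function Set-HiResAndThumbnailPhoto {
    param(
        [Parameter(Mandatory=$true)] [string] $Identity,    # mailbox alias or UPN
        [Parameter(Mandatory=$true)] [string] $HiResPath,   # 648x648 JPEG
        [Parameter(Mandatory=$true)] [string] $ThumbPath    # 96x96 JPEG, 10 KB or less
    )

    $thumb = [System.IO.File]::ReadAllBytes($ThumbPath)
    if ($thumb.Length -gt 10KB) {
        throw "$ThumbPath is $($thumb.Length) bytes; thumbnailPhoto is limited to 10 KB."
    }
    $hiRes = [System.IO.File]::ReadAllBytes($HiResPath)

    # 1. Hi-res photo into the mailbox: upload, then commit with -Save.
    #    As noted above, this step also writes a 48x48 copy to thumbnailPhoto.
    Set-UserPhoto -Identity $Identity -PictureData $hiRes -Confirm:$false
    Set-UserPhoto -Identity $Identity -Save -Confirm:$false

    # 2. Replace that 48x48 copy with the recommended 96x96 thumbnail.
    $user = Get-User -Identity $Identity
    Set-ADUser -Identity $user.SamAccountName -Replace @{ thumbnailPhoto = $thumb }

    [pscustomobject]@{ User = $Identity; HiResBytes = $hiRes.Length; ThumbBytes = $thumb.Length }
}

# Constructed input: one entry per user. Replace with a CSV import for a bulk run.
$users = @(
    @{ Identity = 'kenmyer'; HiRes = 'C:\Photos\648\Ken Myer.jpg'; Thumb = 'C:\Photos\96\Ken Myer.jpg' }
)
foreach ($u in $users) {
    Set-HiResAndThumbnailPhoto -Identity $u.Identity -HiResPath $u.HiRes -ThumbPath $u.Thumb
}
```

The size check matters: a 96x96 JPEG is normally a few KB, but a high-quality export can exceed the 10KB attribute limit and the AD write will fail.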

For more information about high resolution photos used in Lync 2013 see Configuring the Use of High-Resolution Photos in Microsoft Lync Server 2013, but please keep in mind that the script examples in that article have typos in them.  The script above corrects those errors.

You may also want to read GAL Photos in Exchange 2010 and Outlook 2010.


Lync 2013 and Exchange 2013 Visio Stencils

Tuesday, November 27, 2012
Microsoft has released a new set of Visio stencils and shapes for Lync 2013 and Exchange 2013.  You can download the new stencils here.


This stencil contains more than 300 icons to help you create visual representations of your Microsoft Office and Exchange Server architecture.

The Visio stencil provides more than 300 icons -- many depicting servers, applications, and services -- that you can use in architecture diagrams, charts, and posters. These icons are primarily centered around Lync, SharePoint, and Exchange technologies and features.


Configuring Unique Receive Connector SMTP Banners in Exchange Server

Friday, November 16, 2012

My best practice is to create dedicated receive connectors in Exchange for each receive purpose.  For example, I'll create one receive connector for inbound SMTP email from the Internet or from inbound gateway servers and another for internal application servers that relay email through Exchange.  Each connector has different properties, such as source networks, authentication and permission group settings.  By doing this you have better control over these connectors and can apply different behaviors, such as throttling settings.   It also allows you to disable individual connectors if necessary without affecting other SMTP traffic.

Since receive connectors are server-specific, you will probably create the same connectors on most or all of your hub transport servers.  When you have a number of receive connectors spread across several hub transports, it’s useful to know which server and receive connector is accepting the traffic.  I do this by configuring the banner property of each receive connector to match the connector name and enable verbose logging.

The SMTP banner property specifies the string that Exchange answers with on SMTP connections to the specific connector.  By default, Exchange answers with the FQDN of the server, the Microsoft ESMTP MAIL service string, and the date and time, like this:


Default SMTP banner


I wrote a two-line script that configures each receive connector to reply with the server and connector name, like this:

New SMTP banner showing server name and connector name


Run the following script from EMS to change the receive connector SMTP banners to match the server\connector name:

$rc = Get-ReceiveConnector
$rc | % {Set-ReceiveConnector $_.Identity -ProtocolLoggingLevel Verbose  -Banner "220 $_"}

This script will configure the SMTP banner for all of the receive connectors in the organization.  It also enables verbose logging for each connector, which creates receive connector log files in C:\Program Files\Microsoft\Exchange Server\V14\TransportRoles\Logs\ProtocolLog\SmtpReceive.  These log files are useful to see how your receive connectors are operating.  They also show the connector name for each connection.



As you can see above, the SMTP Receive log is taking connections using the HUB01\Default and HUB01\Internal Relay receive connectors.
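Once verbose logging is on, the SmtpReceive logs also answer the question "who is connecting to which connector?" without reading them by hand. The following script is an added example, not from the original post: it parses the CSV layout of an Exchange protocol log (the #Fields: header names the columns) and counts sessions per connector and remote IP. The log lines embedded in it are constructed samples in that layout; point it at a real log directory to use it live.

```powershell
# Added example (not from the original post). Summarizes which receive connector
# accepted sessions from which remote host, using the SmtpReceive protocol log
# that verbose logging produces. The lines in $sample are constructed.
function Get-ReceiveConnectorSessions {
    param([Parameter(Mandatory=$true)] [string[]] $Lines)

    # The '#Fields:' header names the CSV columns; every other '#' line is metadata.
    $header = ($Lines | Where-Object { $_ -like '#Fields:*' } | Select-Object -First 1) -replace '^#Fields:\s*', ''
    if (-not $header) { throw 'No #Fields header found; is this an Exchange protocol log?' }
    $columns = $header -split ','

    $rows = $Lines | Where-Object { $_ -and -not $_.StartsWith('#') } | ConvertFrom-Csv -Header $columns

    # '+' marks a new session, so counting those gives connections rather than log lines.
    $rows | Where-Object { $_.event -eq '+' } |
        Group-Object -Property { $_.'connector-id' + '|' + ($_.'remote-endpoint' -split ':')[0] } |
        ForEach-Object {
            $first = $_.Group[0]
            New-Object PSObject -Property @{
                Connector = $first.'connector-id'
                RemoteIP  = ($first.'remote-endpoint' -split ':')[0]
                Sessions  = $_.Count
            }
        } | Sort-Object Connector, RemoteIP
}

# Constructed sample in the layout Exchange writes (#Fields header plus CSV rows).
$sample = @'
#Software: Microsoft Exchange Server
#Version: 14.0.0.0
#Log-type: SMTP Receive Protocol Log
#Date: 2012-11-16T08:00:00.000Z
#Fields: date-time,connector-id,session-id,sequence-number,local-endpoint,remote-endpoint,event,data,context
2012-11-16T08:00:01.000Z,HUB01\Default,08CF8A2B0B1C2D3E,0,10.0.0.5:25,192.0.2.10:49152,+,,
2012-11-16T08:00:01.010Z,HUB01\Default,08CF8A2B0B1C2D3E,1,10.0.0.5:25,192.0.2.10:49152,>,"220 HUB01\Default",
2012-11-16T08:00:02.000Z,HUB01\Internal Relay,08CF8A2B0B1C2D3F,0,10.0.0.5:25,10.0.1.20:50000,+,,
2012-11-16T08:00:02.010Z,HUB01\Internal Relay,08CF8A2B0B1C2D3F,1,10.0.0.5:25,10.0.1.20:50000,>,"220 HUB01\Internal Relay",
2012-11-16T08:00:03.000Z,HUB01\Internal Relay,08CF8A2B0B1C2D40,0,10.0.0.5:25,10.0.1.20:50001,+,,
2012-11-16T08:00:04.000Z,HUB01\Default,08CF8A2B0B1C2D41,0,10.0.0.5:25,198.51.100.7:33000,+,,
'@ -split "`r?`n"

Get-ReceiveConnectorSessions -Lines $sample | Format-Table Connector, RemoteIP, Sessions -AutoSize

# Live use against a server's log directory:
# $logDir = 'C:\Program Files\Microsoft\Exchange Server\V14\TransportRoles\Logs\ProtocolLog\SmtpReceive'
# Get-ReceiveConnectorSessions -Lines (Get-Content (Join-Path $logDir '*.LOG')) | Format-Table -AutoSize
```

Because the connector-id column carries the server\connector name, the same summary tells you immediately when an unexpected source is hitting the relay connector rather than the Internet-facing one.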


It's Only Weird if it Doesn't Work

Sunday, October 28, 2012

Meet Timmy. Timmy is a pitcher for the San Francisco Giants. I got this Tim Lincecum bobble head at the August 27th, 2011 fan appreciation day. Timmy sits on my desk at home.


Meet Carl. Carl is a zombie. My kids adopted Carl for me for Christmas in 2011.

The Giants won the World Series in 2010, but their 2011 season wasn't so great. They didn't even make the playoffs.  So when I got Carl for Christmas, it seemed only natural to have him ride Timmy to do better in 2012.


Well, that didn't work out so well for Timmy - his ERA for the 2012 season was 5.18 (his career highest) and his only post-season start in NLCS Game 4 earned him an ERA of 5.40. During that game I took Carl off Timmy's back and stood him in front of the TV, staring him down. Obviously, it did not work.


So I figured that maybe Carl was too intimidating for Timmy. I put Carl in a drawer. The Giants then took the NLCS and, at the time of this writing, are poised to sweep the Detroit Tigers in the 2012 World Series.

Carl is still in the drawer.  GO GIANTS!!!


How to Configure Public and Private Computer Settings in OWA 2013

Saturday, October 27, 2012
The new "streamlined user interface" in Exchange 2013 no longer allows users to select whether they are using a public or private computer to access Outlook Web App.  By default, OWA 2013 assumes you are using a private computer and uses the default timeout value of 8 hours of user inactivity before requiring the user to sign in again.

 

The LogonPagePublicPrivateSelectionEnabled parameter of the Set-OWAVirtualDirectory cmdlet specifies whether the Outlook Web App sign-in page includes the private computer or public computer sign-in option.  The following example will enable the Private Computer checkbox on server EX1, as shown below:


Set-OwaVirtualDirectory "ex1\owa*" -LogonPagePublicPrivateSelectionEnabled $True


You need to reset IIS after configuring the OwaVirtualDirectory using the IISRESET command:
iisreset /noforce /timeout:120

The default cookie timeout value in OWA for Private Computers is 8 hours of user inactivity.  The default timeout value for Public Computers is 15 minutes of user inactivity.  If you wish to change these values use one or both of the following commands:
Set-ItemProperty 'HKLM:\SYSTEM\CurrentControlSet\Services\MSExchange OWA' -Name PrivateTimeout -Value <amount of time> -Type DWORD
Set-ItemProperty 'HKLM:\SYSTEM\CurrentControlSet\Services\MSExchange OWA' -Name PublicTimeout -Value <amount of time> -Type DWORD
The values above are specified in minutes.  You'll need to reset IIS after changing these values.

RPC Client Encryption in Exchange 2013

Saturday, October 27, 2012
Exchange 2013 enables RPC client encryption by default (again). 

I say "again" because it was an option in Exchange 2007 and became the default setting in Exchange 2010 RTM.  This caused a fair amount of trouble for organizations using Outlook 2003, since MAPI encryption was disabled in Outlook 2003 by default. 

Symptoms of this problem include the following error messages:
  • Cannot start Microsoft Office Outlook. Unable to open the Office window. The set of folders could not be opened.
  • Unable to open your default e-mail folders. The information store could not be opened.
If your users are using Cached Exchange Mode, Outlook won't display an error, but will start in disconnected mode.

It was easy to work around this issue by either disabling RPC encryption on the Client Access Servers or, better yet, enabling encryption in Outlook 2003 via Group Policy.  Outlook 2007 and later have encryption enabled by default.

Encryption is enabled by default in Outlook 2013
For some reason, the Exchange product team reversed the decision to require RPC encryption in Exchange 2010 SP1, and it stayed optional for the rest of Exchange 2010.  I suspect encryption is enabled by default again because Exchange 2013 does not support Outlook 2003 or earlier.
 
If your organization has upgraded to Outlook 2007/2010/2013, you'll probably want to remove or reconfigure Group Policy to enable encryption in Outlook and re-enable it on your CAS servers, if needed. 

The cmdlet to check RPC MAPI encryption on your CAS servers is:

Get-ClientAccessServer | Get-RPCClientAccess | fl server,enc*

And the cmdlet to enable RPC MAPI encryption on all your CAS servers is:

Get-ClientAccessServer | Set-RPCClientAccess -EncryptionRequired $True
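If you have a mix of servers, it helps to see at a glance which ones still accept unencrypted MAPI before flipping them all. The script below is an added example, not from the original post: it wraps the two cmdlets above into a report with an optional -Enforce switch, and assumes an Exchange Management Shell session.

```powershell
# Added example (not from the original post). Reports which Client Access servers
# still accept unencrypted MAPI RPC sessions; with -Enforce it turns the requirement on.
function Test-RpcClientEncryption {
    param([switch] $Enforce)

    foreach ($rpc in (Get-ClientAccessServer | Get-RpcClientAccess)) {
        $wasRequired = $rpc.EncryptionRequired

        if (-not $wasRequired -and $Enforce) {
            # Same call as the one-liner above, but only where it is actually needed.
            Set-RpcClientAccess -Server $rpc.Server -EncryptionRequired $true
        }

        New-Object PSObject -Property @{
            Server             = $rpc.Server
            EncryptionRequired = $wasRequired
            Action             = if ($wasRequired) { 'none' } elseif ($Enforce) { 'enabled' } else { 'needs -Enforce' }
        }
    }
}

# Report only:
Test-RpcClientEncryption | Format-Table Server, EncryptionRequired, Action -AutoSize

# Enforce on every server that is not yet requiring encryption:
# Test-RpcClientEncryption -Enforce | Format-Table Server, EncryptionRequired, Action -AutoSize
```

Run the report first; a server listed as "needs -Enforce" is one where Outlook 2003 clients (or any client with MAPI encryption turned off) can still connect in the clear.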

When RPC encryption is enabled, the Exchange Remote Connectivity Analyzer (ExRCA) will report a harmless warning that the Name Service Provider Interface (NSPI) bind operation failed due to the encryption requirement.  NspiBind then tries again with encryption enabled and succeeds.  This is expected behavior.


Allowing Messages to be Sent to Recipients of Internal and External Relay Domains

Thursday, October 25, 2012

If you have Exchange 2010 Edge Transport servers in your environment you probably have Recipient Filtering configured to "Block messages sent to recipients that do not exist in the directory".
This setting configures the Edge Transport server to drop messages destined to email addresses that do not exist in Active Directory.  The messages are rejected with a "550 5.1.1 User unknown" permanent error, rather than generating a Non-Delivery Report (NDR) to the sender.  This prevents "backscatter," a condition where your domain ends up on a real-time block list (RBL) due to issuing NDRs to accounts that never really sent the original email (spoofing).
This type of recipient blocking won't work for Internal Relay or External Relay domains because the Edge server can't query those domains' directories.  This causes emails bound for these domains to fail with the "550 5.1.1 User unknown" error above.
Internal Relay Domains and External Relay Domains are configured in the New Accepted Domain wizard on the Hub Transport server.  The accepted domain configuration then syncs to the Edge server using the EdgeSync process.

External Relay Domains route email from the Edge Transport server to the external domain's mail server.  Internal Relay Domains route email from the Hub Transport server to the external domain's mail server if the recipient does not resolve internally.  Both relay domain types use a dedicated Send Connector for the remote domain.
You can disable address book lookups for internal and external relay domains using the Set-AcceptedDomain cmdlet, as shown below:
Set-AcceptedDomain externaldomain.com -AddressBookEnabled $False
This command needs to be run from the Hub Transport server and then synced to the Edge server by the EdgeSync process.  You can force the sync immediately using the Start-EdgeSynchronization cmdlet.
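Relay domains tend to be added over time, so a new one is easy to miss. The script below is an added example, not from the original post: it finds every Internal Relay and External Relay accepted domain, reports which ones still have address book lookups on, and with -Apply disables them and kicks off EdgeSync. It assumes the Exchange Management Shell on a Hub Transport server.

```powershell
# Added example (not from the original post). Audits every relay domain and, with
# -Apply, turns off recipient lookup for those still checking the address book.
# Run from the Exchange Management Shell on a Hub Transport server.
function Set-RelayDomainAddressBookLookup {
    param([switch] $Apply)

    $changed = 0
    foreach ($domain in Get-AcceptedDomain) {
        # Authoritative domains must keep AddressBookEnabled on; only relay domains are exempt.
        $isRelay = ($domain.DomainType -eq 'InternalRelay') -or ($domain.DomainType -eq 'ExternalRelay')
        if (-not $isRelay) { continue }

        $lookupOn = $domain.AddressBookEnabled
        if ($lookupOn -and $Apply) {
            Set-AcceptedDomain -Identity $domain.Identity -AddressBookEnabled $false
            $lookupOn = $false
            $changed++
        }

        New-Object PSObject -Property @{
            Domain             = $domain.DomainName.ToString()
            Type               = $domain.DomainType
            AddressBookEnabled = $lookupOn
        }
    }

    # Push the change to the Edge servers instead of waiting for the next scheduled EdgeSync.
    if ($Apply -and $changed -gt 0) { Start-EdgeSynchronization | Out-Null }
}

# Report only:
Set-RelayDomainAddressBookLookup | Format-Table Domain, Type, AddressBookEnabled -AutoSize

# Apply and sync:
# Set-RelayDomainAddressBookLookup -Apply | Format-Table Domain, Type, AddressBookEnabled -AutoSize
```

Any relay domain that shows AddressBookEnabled as True in the report is one whose recipients are currently being rejected at the Edge with the 550 5.1.1 error described above.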

How to Boot Directly into Desktop with Windows Server 2012 with a GUI

Thursday, October 18, 2012

I love Windows Server 2012 RTM, I really do.  But whose bright idea was it to boot to the "Modern UI" (aka, Metro) instead of the Windows Desktop?  There's really no reason for this, so I wrote a PowerShell script that configures Windows Server 2012 with a GUI to boot directly into the Desktop after signing in locally.  It does not affect RDP connections - those already go directly to the Desktop.

This is not a hack.  The script simply changes permissions on an existing registry key to allow the value to be changed, and then changes it.

NOTE: This script does not work on Windows 8 RTM -- It only works on Windows Server 2012 RTM.  Early beta builds of Windows 8 allowed you to toggle booting to the Desktop.  Microsoft removed those hacks in the RTM build of Windows 8, sorry.  :(

You may also want to read my article, How to Enable Autologon for Windows Server 2008 Member Servers and Windows 7 Member Workstations.  Those procedures also work for Windows Server 2012 and Windows 8.

Copy and paste the following text into Notepad and save it as BootToDesktop.ps1 on your Windows Server 2012 computer:

#Take Ownership of the "HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Server" registry key
$definition = @"
using System;
using System.Runtime.InteropServices;
namespace Win32Api
{
    public class NtDll
    {
        [DllImport("ntdll.dll", EntryPoint="RtlAdjustPrivilege")]
        public static extern int RtlAdjustPrivilege(ulong Privilege, bool Enable, bool CurrentThread, ref bool Enabled);
    }
}
"@
# Compile the P/Invoke wrapper once; Add-Type fails if the type already exists in this session
if (-not ([System.Management.Automation.PSTypeName]'Win32Api.NtDll').Type) {
    Add-Type -TypeDefinition $definition -PassThru
}
# Privilege 9 is SeTakeOwnershipPrivilege; enable it for the whole process
$bEnabled = $false
$res = [Win32Api.NtDll]::RtlAdjustPrivilege(9, $true, $false, [ref]$bEnabled)
$keyPath = "SOFTWARE\Microsoft\Windows NT\CurrentVersion\Server"
# Open the key with TakeOwnership (WRITE_OWNER) access only; that is all the privilege grants us
$key = [Microsoft.Win32.Registry]::LocalMachine.OpenSubKey($keyPath, [Microsoft.Win32.RegistryKeyPermissionCheck]::ReadWriteSubTree, [System.Security.AccessControl.RegistryRights]::TakeOwnership)
# A fresh RegistrySecurity object persists only the owner section, so this handle is sufficient
$acl = New-Object System.Security.AccessControl.RegistrySecurity
$acl.SetOwner([System.Security.Principal.NTAccount]"Administrators")
$key.SetAccessControl($acl)
$key.Close()

#Give Full Control of the key to BUILTIN\Administrators

# Re-open the key: as the new owner, Administrators are implicitly granted READ_CONTROL and WRITE_DAC,
# which is what reading and rewriting the DACL requires
$key = [Microsoft.Win32.Registry]::LocalMachine.OpenSubKey($keyPath, [Microsoft.Win32.RegistryKeyPermissionCheck]::ReadWriteSubTree, [System.Security.AccessControl.RegistryRights]"ReadPermissions, ChangePermissions")
$acl = $key.GetAccessControl()
$rule = New-Object System.Security.AccessControl.RegistryAccessRule("BUILTIN\Administrators","FullControl","Allow")
$acl.SetAccessRule($rule)
$key.SetAccessControl($acl)
$key.Close()

#Set the value of ClientExperienceEnabled to 0 to enable boot to Desktop

Set-ItemProperty -Path "HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Server" -Name ClientExperienceEnabled -Value 0

Optionally, you can download the BootToDesktop.ps1 script here.

Now simply run the BootToDesktop.ps1 script from an elevated Windows PowerShell prompt and reboot.  The next time you sign in Windows Server 2012 will go straight into the Desktop.

The PowerShell script does three things:
  • It assigns ownership of the HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Server registry key to the local built-in Administrators group.  By default this key is owned by the protected TrustedInstaller security principal.
  • It grants the built-in Administrators group Full Control on the key.  By default built-in Administrators only have Read access; Full Control gives us the ability to change values in the key.
  • It changes the ClientExperienceEnabled value from 1 to 0, which configures Windows to start directly to the Desktop.


Windows Server 2012 and Windows 8 secure protected registry keys and files using the TrustedInstaller security principal.  TrustedInstaller is a core part of Windows Resource Protection (WRP) technology.  Windows usually assigns ownership of WRP protected items to TrustedInstaller and they normally cannot be modified or deleted.  This script overcomes that and allows you to change the ClientExperienceEnabled value.

Since this is really just a simple registry change, you can safely use it in your server imaging process for all your Windows Server 2012 computers.  It only needs to be run once per server and affects all users who login to that server.

Update: How to Configure Fast Cached Exchange Mode Settings for Outlook 2013 Using Group Policy

Friday, October 12, 2012
With the release of Office 2013 right around the corner and quite a number of people already running the Office 2013 Consumer Preview, I thought I'd update a previous article I wrote that speeds up Outlook performance.

How to Configure Fast Cached Exchange Mode Settings for Outlook 2010 and Outlook 2013 Using Group Policy explains how to configure Outlook 2010 and Outlook 2013's Cached Exchange Mode send/receive behavior.  With these changes Outlook cached mode behaves very similar to online mode.  There is no change in network bandwidth with this configuration - it just configures Outlook to go on "mail runs" more frequently.

One-Day Midlife Crisis #FTW

Tuesday, October 9, 2012
Today. Was. Awesome.


I spent the day at Club Sportiva in San Jose on one of their Exotic Car Tours.  Five other drivers and I drove European supercars through the winding roads of the Monte Bello Open Space Preserve, Woodside, and along the Pacific Coast.  It was an absolutely perfect day for driving.

We all got to drive each of the following cars over the course of the day:
  • Audi R8
  • Ferrari F430
  • Nissan GTR
  • Lotus Elise
  • Lamborghini Gallardo V10 Spyder
  • Tesla Roadster (well, most of us did)
Here's a short video I made of the cars when we were at our first pit stop and swapped cars.


We each drove alone (no copilot) and were led on the tour by one of Club Sportiva's fantastic drivers in a Ford Mustang Shelby GT500.  We got to drive each car for about 30 minutes along twisting roads through the hills below beautiful blue skies.

I made the following video from the Lamborghini Gallardo Spyder by propping my iPhone in the dash.  You can hear the throaty rumble of the Gallardo's V10 engine as I wind through the hillside.



We stopped halfway at Alice's Restaurant in Woodside, CA to have a nice lunch and let passersby gawk at our glistening supercars.  It was a blast to drive through small towns where people told us, "I want to HEAR it!"  I'd push the clutch in, gun it, and watch the smiles light up on everyone's faces.  People would stop and point at us.  Cameras came out.

All the cars were manual transmissions except for the Nissan GTR and, of course, the Tesla Roadster since it's a fully electric sports car.  I was a bit worried about driving a stick, since it's probably been 15 years since I last drove one.  But it's a lot like riding a bicycle - you never forget.

The Audi R8 was probably the best all-around supercar.  It had an amazing amount of sure-footedness due to its all-wheel drive and fantastic engine.  It was a powerhouse that didn't take a great deal of work to drive.  I'd love to have this for my daily commute.

The Ferrari F430 was the most exciting car for me to drive.  It had a deep throaty growl and would actually startle me when I hit the gas and instantly accelerated.  Fantastic handling, but the shifting was very "notchy".  Apparently this is a common complaint about Ferraris and is what led to the creation of the Lamborghini.

The Nissan GTR had the best electronics.  This was one of the two cars with an automatic transmission and had paddle shifters on the wheel.  You have the option of putting the transmission into manual, where you must use the paddle shifters to change gears.  There's no manual clutch - the electronic double clutch shifts gears instantly.  The large display had typical GPS functionality and also had screens that reported the amount of Gs you were pulling when accelerating or turning.  Too much automation for me - I found this car rather boring, but FAST!  I got up to 112MPH without blinking an eye.

The Lotus Elise was the most fun to drive.  This car weighs less than 1,900 lbs. and has ~200 HP.  It's a total slot car.  It has absolutely no electronics in it, so it takes a lot of concentration to drive.  No traction control, power steering, or antilock brakes.  The seats are hard plastic and you're mere inches above the ground.  An absolutely amazing car to drive that made me smile the whole time.

The Lamborghini Gallardo Spyder is sex in yellow.  It has the most amazing tuned exhaust that makes even blind people turn and look.  With a massive V10 engine it's a bit heavy, but was amazing to drive.  If you're looking for a supercar that evokes lusty emotions, this is your car.

Finally, there's the Tesla Roadster.  I'd love to tell you about its instant acceleration due to its powerful electric motors, but alas I cannot.  It ran out of battery before it became my turn to drive it.  It's a shame since this was one of the cars I was really looking forward to driving.  Club Sportiva said they'll make it up to me with a future driving opportunity.  We left the Tesla on the side of one of the mountain roads for a Club Sportiva flatbed to pick up later.  I rode back with Travis from Club Sportiva in the Ford Mustang Shelby GT500.

This was a true once-in-a-lifetime experience.  I highly recommend it if you have the chance to do it!


How to Convert Hyper-V VHD Disks to VHDX

Monday, October 8, 2012
Windows Server 2012 Hyper-V offers a new virtual disk type called VHDX.  VHDX virtual disks have many benefits, including larger maximum disks up to 64TB, protection against data corruption, and improved alignment of the virtual hard disk format to work well on large sector disks.  See http://technet.microsoft.com/en-us/library/hh831446.aspx for more information about the VHDX disk type.

You can convert existing older format VHD disks to the new VHDX format using the Hyper-V Manager console.  This process will create a new VHDX disk and copy the data from the existing VHD to the new disk.  At the end of the procedure you will have two disks, the original VHD disk and a new VHDX disk with the same contents.  You can safely delete the original VHD disk once you have confirmed that the new VHDX disk is fully functional.

Here are the steps to convert an existing VHD disk to a VHDX disk:
  • Shut down the VM that is accessing the disk, if necessary.  You cannot convert a disk that is in use.
  • Open the Hyper-V VM settings, navigate to the hard drive you wish to convert, and click the Edit button.
  • The Edit Virtual Hard Disk Wizard will start.  Select Convert from the Choose Action page and click Next.
  • Select the VHDX disk format and click Next.
  • Choose whether the new disk should be fixed size or dynamically expanding.  Note that this gives you the opportunity to change disk types from the previous disk type.  Click Next.
  • Select the name and location for the new VHDX disk and click Next.
  • Review the summary and click Finish to create the new disk.  This may take a few minutes depending on the size of the VHD and the speed of your hard drive(s).  A 30GB VHD converted in less than two minutes on my SSD drive.  The size of the new VHDX disk will be slightly larger than the original VHD disk.

  • The last step is to attach the new VHDX disk to the VM in place of the old one.  The disk path in the VM settings will now end in .vhdx.

Once you have started up your VM with the new VHDX disk you can safely delete the old VHD disk.  There are no other configurations necessary.
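The same conversion can be scripted with the Hyper-V PowerShell module, which is handy when a VM has several disks.  The following is an added example and not part of the original post; the VM name is an assumption.  It shuts the VM down, converts every VHD it finds to VHDX (keeping the fixed/dynamic type), repoints each controller slot at the new file, and leaves the original VHDs in place for you to delete after verification.

```powershell
# Added example (not from the original post): convert a VM's VHD disks to VHDX
# from an elevated PowerShell prompt on a Windows Server 2012 Hyper-V host.
Import-Module Hyper-V

$VMName = 'APP01'   # assumed VM name

$vm = Get-VM -Name $VMName
if ($vm.State -ne 'Off') {
    # A disk that is in use cannot be converted; shut the guest down cleanly first.
    # Stop-VM is synchronous unless -AsJob is used, so the VM is off when it returns.
    Stop-VM -Name $VMName
}

foreach ($drive in Get-VMHardDiskDrive -VMName $VMName) {
    $src = Get-VHD -Path $drive.Path
    if ($src.VhdFormat -ne 'VHD') { continue }          # already VHDX

    if ($src.VhdType -eq 'Differencing') {
        # Differencing disks (checkpoints) have a parent chain; convert those manually.
        Write-Warning "Skipping differencing disk $($drive.Path)"
        continue
    }

    $dst = [System.IO.Path]::ChangeExtension($drive.Path, '.vhdx')

    # Convert-VHD writes a new file and copies the contents; the source VHD is untouched.
    # -VHDType is where you could switch between Fixed and Dynamic at the same time;
    # here the existing type is preserved.
    Convert-VHD -Path $drive.Path -DestinationPath $dst -VHDType $src.VhdType

    # Re-attach at the same controller/location so the guest sees the same disk order.
    Set-VMHardDiskDrive -VMName $VMName `
        -ControllerType $drive.ControllerType `
        -ControllerNumber $drive.ControllerNumber `
        -ControllerLocation $drive.ControllerLocation `
        -Path $dst

    $new = Get-VHD -Path $dst
    "{0} -> {1}: {2} {3}, {4:N0} bytes on disk" -f $drive.Path, $dst, $new.VhdFormat, $new.VhdType, $new.FileSize
}

Start-VM -Name $VMName
# Delete the original .vhd files only after the guest has booted and been checked.
```

Get-VHD on the new file confirms the format (VHDX) and lets you compare FileSize with the original, which will be slightly larger as noted above.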

Welcome to MEC - The Lost Conference

Sunday, September 23, 2012

I've come to MEC, the Microsoft Exchange Conference, in Orlando, FL to hear about Exchange 2013 and all things Exchange.  MEC is being called "the lost conference" since it was last held 10 years ago in Anaheim, CA.  The following year it was rolled into TechEd. 

This year it was decided to resurrect MEC to focus solely on Exchange and on Microsoft's new release of Exchange 2013.  While Scott Schnoll recently had some public sessions about Exchange 2013 (aka, E15) at TechEd Australia, the attendees at MEC have been promised deep knowledge and hands-on learning of the new features.  MEC will feature 227 sessions about Exchange over 4 days.  126 of those will be about Exchange 2013.  Visit the MECisBack session list to see all the sessions.

 
MEC is being held entirely on site at the Gaylord Palms Resort in Kissimmee, FL.  This place is massive!  There are several restaurants, bistros, and cafes, and over 1,400 rooms all under one massive glass roof.  The resort includes a large pool area with an adult pool and a swim area, water park, and water slides for kids.


When I arrived, I was pleasantly surprised with a gift basket from the Exchange 2013 TAP Team.  It came with a nice welcome note thanking me for coming to MEC and for my assistance with the TAP/RDP program.  Very nice!


This afternoon registration opened and everyone already here began registering.  We each received a MEC satchel that contains an aluminum water bottle and the usual "stop by booth X for a chance to win" slicks.  We also got a MEC t-shirt and our valuable wristbands to the MEC attendee party, being held at Universal Studios Islands of Adventure theme park on Monday night.

 
 

It's been great meeting up with all my Exchange friends, including Squeaky Lobster!  Tonight we have a pre-reception event, hosted by my friends at F5.  We'll have an hour before heading to the MEC reception event tonight at 7pm.

I'll be tweeting from most of the sessions I attend, highlighting important facts talked about during the sessions.  Follow @expta on Twitter to keep up on all the latest at MEC!

Apple Customer Service #FAIL

Sunday, September 16, 2012

Argh!  It's not often I have such a bad customer service experience, but here's an example of how NOT to do things.

I decided to pre-order the Apple iPhone 5 today and had some questions about swapping SIMs, so I called 1-800-MY-APPLE.  The lady I talked to was nice enough, answered my questions, and offered to take my order.  I gave her all the information and confirmed with her that the iPhone 5 would be delivered September 21st, but when I got the confirmation email it said it will be delivered October 10 - October 16.

I called back to confirm and was told I can change the order online to pick up in an Apple store on September 21st.  The guy sent me an email with a link to change my delivery, but after following the links on the Apple.com order page, it told me I cannot change my shipping type and I must call 1-800-MY-APPLE.

Call #3.  This guy tells me that they cannot change the order to store pickup because Apple.com and the retail stores are different.  He needs to cancel the order and transfer me to the retail store order line, which he does.  The retail order lady asks, "Why do they keep doing this? You can't order it for pickup at a store.  You'll need to re-order it again from 1-800-MY-APPLE.  Sorry I can't transfer you back."

Call #4. The automated router sends me to Technical Support instead of Orders.  Apparently, those words sound alike.  I tell this guy I need to talk to someone about un-canceling an order.  No can do, but he’ll be happy to place another order for me.  I give all my information again (don’t they already have that from the first order?!?).  I wait for my confirmation email, but nothing comes.  Thankfully, I got the web order number from him.

I look up my order on Apple.com using my web order number, but I get an error saying, “The signed in account does not have access to this order.”

 

Call #5. I find out that email address, phone number, and spelling are all wrong on the order.  I got that fixed (after repeating myself a dozen times) and asked to have the confirmation emailed to me.  Sure enough, it shows again that it will be delivered October 10 - October 16.  I tell her that I was first told it would be delivered September 21st and I want to talk to a manager.  I was on hold through three complete songs (Chemical Brothers, “Call Me Maybe” and, I kid you not, “Crazy” by Patsy Cline) before she apologized for the wait and would transfer me to a manager.  What I got was an automated attendant that asked for the extension I was trying to reach.

At this point I’m so frustrated I’m going to cancel my order, but I just can’t put myself through another phone call with these people to do it right now. 

Now I know why people stand in long lines at the retail stores.

How to Rename an Existing DAG in Exchange 2010

Saturday, September 15, 2012
Technically you can’t rename an existing Database Availability Group, but you can recreate it with a new name.  It's possible to do this without requiring the databases within the DAG to be reseeded.

Here are the steps to recreate a DAG with a new name:
  • Suspend all backups and disable circular logging if it's enabled.  This ensures that the transaction logs needed to bring the database copies back up to date are not truncated while the copies are detached.

  • Remove all passive database copies (the active copy of each database stays with its server and cannot be removed).  This removes the copy from the DAG configuration, but doesn’t delete the database or log files on the server.
Remove-MailboxDatabaseCopy -Identity DB01\MBX3
  • Remove all nodes from the DAG using the -ConfigurationOnly switch.  This removes each Mailbox server from the DAG object in Active Directory without contacting the cluster; the Cluster service on each node is cleaned up in a later step.
Remove-DatabaseAvailabilityGroupServer -Identity DAG -MailboxServer MBX3 -ConfigurationOnly
  • Remove the DAG.  Now that the DAG has no members, it can be deleted from Exchange and Active Directory.
Remove-DatabaseAvailabilityGroup -Identity DAG
  • Clean up the Cluster service on each node.  Run this locally on each former DAG member; it restores the configuration of the Cluster service on that node to its original state.
cluster node /force
  • Restart the Microsoft Exchange Replication service on each node.  Each server is now a standalone Mailbox server, and its databases should mount and be accessible.
Restart-Service MSExchangeRepl
  • Create the DAG with the new name.  Ensure your DAG properties and network settings are correct.
New-DatabaseAvailabilityGroup -Name DAG3 -WitnessServer EXHUB2 -DatabaseAvailabilityGroupIPAddresses 10.0.0.8,192.168.0.8
  • Add the nodes to the new DAG.
Add-DatabaseAvailabilityGroupServer -Identity DAG3 -MailboxServer MBX3
  • Add mailbox database copies.  Exchange will see that the database copies already exist in the target file system and will resume replication.
Add-MailboxDatabaseCopy -Identity DB01 -MailboxServer MBX3 -ActivationPreference 3

As long as there wasn’t a tremendous amount of data churn (roughly more than 10% of the database) while the copies were detached, you won’t need to reseed the databases.  Exchange will just replicate the logs generated from the time you removed the database copies.

Remember to resume your Exchange backups and reconfigure circular logging if it was previously enabled.
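The procedure above is easy to get wrong by hand when a DAG has several databases and activation preferences.  The following script is an added example, not part of the original post, that records the existing copy layout first and replays it against the new DAG.  The DAG names, witness server, IP addresses and the use of WinRM (Invoke-Command) to reach each node are assumptions; run it from an elevated Exchange Management Shell after backups are suspended.

```powershell
# Added example (not from the original post): recreate an Exchange 2010 DAG under a
# new name while preserving member servers and the passive copy layout.
$OldDag  = 'DAG'                        # assumed
$NewDag  = 'DAG3'                       # assumed
$Witness = 'EXHUB2'                     # assumed
$DagIPs  = '10.0.0.8', '192.168.0.8'    # assumed

$dag     = Get-DatabaseAvailabilityGroup -Identity $OldDag
$members = @($dag.Servers | ForEach-Object { $_.Name })

# 1. Record every passive copy (host, activation preference, replay lag) and turn
#    off circular logging so the logs needed to catch the copies up are retained.
$passive = @()
$dagDbs = Get-MailboxDatabase -Status | Where-Object { $_.MasterServerOrAvailabilityGroup.Name -eq $OldDag }
foreach ($db in $dagDbs) {
    if ($db.CircularLoggingEnabled) {
        Set-MailboxDatabase -Identity $db.Name -CircularLoggingEnabled $false
    }
    foreach ($copy in $db.DatabaseCopies) {
        if ($copy.HostServerName -ne $db.Server.Name) {      # active copy can't be removed
            $passive += New-Object PSObject -Property @{
                Database = $db.Name
                Server   = $copy.HostServerName
                Pref     = $copy.ActivationPreference
                Lag      = $copy.ReplayLagTime
            }
        }
    }
}

# 2. Remove passive copies (files stay on disk), then the servers (AD object only),
#    then the now-empty DAG.
foreach ($c in $passive) {
    Remove-MailboxDatabaseCopy -Identity "$($c.Database)\$($c.Server)" -Confirm:$false
}
foreach ($srv in $members) {
    Remove-DatabaseAvailabilityGroupServer -Identity $OldDag -MailboxServer $srv -ConfigurationOnly -Confirm:$false
}
Remove-DatabaseAvailabilityGroup -Identity $OldDag -Confirm:$false

# 3. Reset the Cluster service on each former member and restart replication.
foreach ($srv in $members) {
    Invoke-Command -ComputerName $srv -ScriptBlock {
        cluster node /forcecleanup
        Restart-Service MSExchangeRepl
    }
}

# 4. Recreate the DAG, add the members back, and replay the recorded copy layout.
New-DatabaseAvailabilityGroup -Name $NewDag -WitnessServer $Witness -DatabaseAvailabilityGroupIPAddresses $DagIPs
foreach ($srv in $members) {
    Add-DatabaseAvailabilityGroupServer -Identity $NewDag -MailboxServer $srv
}
foreach ($c in $passive) {
    # Existing files on the target are reused, so this resumes replication rather than seeding.
    Add-MailboxDatabaseCopy -Identity $c.Database -MailboxServer $c.Server -ActivationPreference $c.Pref -ReplayLagTime $c.Lag
}

# 5. Verify: copies should reach Healthy with shrinking copy/replay queues, no reseed.
foreach ($srv in $members) {
    Get-MailboxDatabaseCopyStatus -Server $srv | Format-Table Name, Status, CopyQueueLength, ReplayQueueLength -AutoSize
}
```

Re-enable circular logging on the databases that had it and resume backups once every copy shows Healthy.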

Exchange 2010 DAG Always Replicates from Active Database

Wednesday, August 29, 2012
Today's article is a tidbit of information, but important to call out for larger scale DAG deployments.

Exchange 2010 always uses the active database in the DAG as the source for log shipping during normal replication.  That means that if you have multiple passive copies in your DAG, Exchange ships transaction logs from the active copy to each passive copy, even if some of the copies are in the same site.  There is no peer-to-peer log shipping between passive copies in a DAG.

Simple four node DAG with three passive copies
In the example above we have a single DAG with the active database and one HA copy in DC1, and one DR copy and a lagged copy in DC2.  Log shipping occurs from the active database to the three passive copies, traversing the WAN twice for the copies in DC2.

This can have quite an effect on a complex enterprise deployment with multiple DAGs and many remote passive copies, so keep that in mind for your designs.

Note: Log shipping is different from seeding.  Seeding is a file copy of the database to another server.  Once seeding completes, log shipping is used to keep that copy up to date.  It is possible to seed a database from a specific server, perhaps one in the same site.  For more information see the "Selecting the Seeding Source" topic in http://technet.microsoft.com/en-us/library/dd335158.aspx.
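To see how much of this WAN traffic a given DAG layout implies, the following added example (not part of the original post) lists, for every DAG-replicated database, which passive copies sit in a different Active Directory site from the active copy, since each of those receives its own log stream across the WAN.  It then shows the seeding case from the note above, where a copy can be reseeded from a same-site copy instead of the active database.  Server and database names are assumptions.

```powershell
# Added example (not from the original post): identify passive copies that are
# log-shipped across the WAN, then reseed one from a same-site source.
$siteCache = @{}   # server name -> AD site name
function Get-ServerSite($name) {
    if (-not $siteCache.ContainsKey($name)) {
        $siteCache[$name] = (Get-ExchangeServer -Identity $name).Site.Name
    }
    $siteCache[$name]
}

$rows = @()
$dagDbs = Get-MailboxDatabase -Status | Where-Object { $_.MasterType -eq 'DatabaseAvailabilityGroup' }
foreach ($db in $dagDbs) {
    $active     = $db.Server.Name                 # log shipping source for every passive copy
    $activeSite = Get-ServerSite $active
    foreach ($copy in $db.DatabaseCopies | Where-Object { $_.HostServerName -ne $active }) {
        $rows += New-Object PSObject -Property @{
            Database   = $db.Name
            ActiveOn   = $active
            PassiveOn  = $copy.HostServerName
            CrossesWAN = ((Get-ServerSite $copy.HostServerName) -ne $activeSite)
        }
    }
}

$rows | Format-Table Database, ActiveOn, PassiveOn, CrossesWAN -AutoSize
"{0} of {1} passive copies are log-shipped across the WAN" -f @($rows | Where-Object { $_.CrossesWAN }).Count, $rows.Count

# Seeding, unlike log shipping, can be sourced from any healthy copy. If the DR copy on
# MBX4 needs a reseed, pull it from the same-site copy on MBX3 rather than from the active
# database. -DeleteExistingFiles wipes the target's current copy first, so use it deliberately.
# Update-MailboxDatabaseCopy -Identity 'DB01\MBX4' -SourceServer 'MBX3' -DeleteExistingFiles
```

The Update-MailboxDatabaseCopy line is left commented out because it is destructive on the target; uncomment it only for a copy that actually needs reseeding.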




Install and Configure Windows PowerShell Web Access in Three Easy Steps

Saturday, August 25, 2012
Windows PowerShell Web Access Gateway Architecture


Windows PowerShell Web Access is a new feature in Windows Server 2012. It is an IIS application that provides a Windows PowerShell console in a web browser. The IIS application acts as a gateway between the web browser and the machines that you can connect to in your environment. These machines should have Windows PowerShell remoting enabled.

There are a number of resources that explain how to configure PowerShell Web Access, including this video.  I want to tell you how to do it in as few steps as possible. 

The following is all done from an elevated PowerShell window of the Windows 2012 server you want to install PWA on.

1.      Import the Server Manager PowerShell module and install the Windows PowerShell Web Access feature

Import-Module ServerManager 
Install-WindowsFeature -Name WindowsPowerShellWebAccess -IncludeManagementTools

2.      Install the Web Application in IIS

Install-PswaWebApplication [-UseTestCertificate]
 
Add the -UseTestCertificate parameter if you don’t already have an SSL certificate installed on the server.  This installs a self-signed SSL certificate that expires in 90 days, which is fine for a lab but not for production; browsers will warn on it and users get no way to tell the real gateway from an impostor.

To use an existing SSL certificate, make sure it is configured in Bindings on the Website to use that certificate.


3.      Configure Authorization Rules

Add-PswaAuthorizationRule -UserName domain\username -ComputerName * -ConfigurationName *
 
This Authorization Rule will allow the specified account to connect to any computer with any configuration name.  That is the quickest way to get a working gateway, but in production scope the rule to a group, to named computers (or a computer group), and to a specific session configuration: a wildcard rule turns the gateway into a single web login to every remoting-enabled machine that account can reach.
If you are installing on a workgroup server, substitute the computer name for the domain.

That's all there is to it! 
You can access Windows PowerShell Web Access from Internet Explorer using the following URL: https://servername/pswa
Windows PowerShell Web Access Login
Enter your user name, password, and the computer name you want to connect to, and then click Sign In.
 

Windows PowerShell Web Access
 
A Windows PowerShell window will open in your IE browser, connected to the computer you targeted.
 
As mentioned above, the target computer must have Windows PowerShell remoting enabled.  You can do this by running the following command from an elevated PowerShell prompt:
 
 Enable-PSRemoting -Force
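Here is what a tighter version of step 3 looks like.  This is an added example, not part of the original post: it publishes a constrained session configuration on the target server, adds a gateway rule that allows only one group to reach only that server through only that endpoint, and then uses Test-PswaAuthorizationRule to confirm what a sign-in attempt would match before anyone tries it.  The domain, group, server and endpoint names are assumptions.

```powershell
# Added example (not from the original post): replace the wildcard rule with a
# group-, computer- and endpoint-scoped one, and verify it.

# --- On the target server (SRV01), from an elevated prompt ----------------------
# RestrictedRemoteServer yields a NoLanguage session exposing only the listed cmdlets,
# so a gateway user gets these commands and nothing else.
$pssc = Join-Path $env:TEMP 'OpsRestricted.pssc'
New-PSSessionConfigurationFile -Path $pssc `
    -SessionType RestrictedRemoteServer `
    -VisibleCmdlets 'Get-Service', 'Restart-Service', 'Get-EventLog'
Register-PSSessionConfiguration -Name 'OpsRestricted' -Path $pssc -Force
# To additionally restrict who may connect to the endpoint itself (enforced by WinRM
# on the target, independently of the gateway), edit its ACL:
#   Set-PSSessionConfiguration -Name 'OpsRestricted' -ShowSecurityDescriptorUI

# --- On the PSWA gateway, from an elevated prompt ------------------------------
# One rule: a named group, a single FQDN, a single session configuration.
Add-PswaAuthorizationRule -UserGroupName 'CONTOSO\PSWA-Ops' `
    -ComputerName 'SRV01.contoso.com' `
    -ConfigurationName 'OpsRestricted' `
    -RuleName 'PSWA-Ops to SRV01 (restricted)'

# Review the full rule set; a forgotten "* / *" rule silently widens everything.
Get-PswaAuthorizationRule | Format-Table Id, RuleName, User, Destination, ConfigurationName -AutoSize

# Dry-run the authorization decision for a user in the group:
Test-PswaAuthorizationRule -UserName 'CONTOSO\jdoe' -ComputerName 'SRV01.contoso.com' -ConfigurationName 'OpsRestricted'
# ...and for the same user against another host / the default endpoint (expect no match):
Test-PswaAuthorizationRule -UserName 'CONTOSO\jdoe' -ComputerName 'DC01.contoso.com' -ConfigurationName 'Microsoft.PowerShell'

# Once the scoped rule works, remove the broad one from step 3 by its Id:
#   Remove-PswaAuthorizationRule -Id <Id from Get-PswaAuthorizationRule>
```

Users then enter OpsRestricted in the Optional connection settings on the sign-in page; the gateway rule is checked first, and the target's own endpoint ACL and constrained cmdlet list are enforced after that, so loosening one does not loosen the other.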
