MVP - Most Valuable Professional
rss

Just can't get enough of IT

This blog is about mostly anything in IT. But the primary focuses are Microsoft Technologies like Exchange, Office 365, Azure and Cloud Security.

Exchange Server 2013Exchange Server 2016Description

This scripts helps to suspend all messages in an Exchange transport queue and to export all suspended messages to a given target folder.

The script uses the AssembleMessage cmdlet to properly export queued messages as .eml files.

Optionally, all exported messages can be removed from the transport queue. 

Note

This script requires the GlobalFunctions module for logging.

Examples

# EXAMPLE 1
# Export messages from queue MCMEP01\45534 to D:\ExportedMessages and do not delete messages after export
.\Export-MessageQueue -Queue MCMEP01\45534 -Path D:\ExportedMessages

# EXAMPLE 2
# Export messages from queue MCMEP01\45534 to D:\ExportedMessages and delete messages after export
.\Export-MessageQueue -Queue MCMEP01\45534 -Path D:\ExportedMessages -DeleteAfterExport

Version History

  • 1.0, Initial community release
  • 1.1, Some PowerShell hygiene 

 

As always: Test and familiarize yourself with the script in a test or development environment.

Links

Follow

 

Read More »

The other day I came across the famous "Windows Installer reconfigured the product X" error. I am going to name it an error even if the event log entry is catagorized as informational.

Windows Installer reconfigured the product. 
Product Name: [PRODUCT NAME]. 
Product Version: [VERSION]. 
Product Language: [LOCALE ID]. 
Manufacturer: [MANUFACTURER]. 
Reconfiguration success or error status: 0.

In preparation for an Exchange Server 2013 setup I was wondering that Event Id 1035 was logged every 4 hours. The MsiInstaller itself got triggered by the Systems Account, which is pretty normal. By using Windows Performance Recorder (WPR) and Windows Performance Analyzer (WPA) I was able to identify that the MsiInstaller was triggered when a PowerShell script got executed.

Screenshot Windows Performance Recorder (WPR) and Windows Performance Analyzer (WPA)

Note: WPR and WPA are part of the Windowas ADK (see Links section)

It turned out that the PowerShell script itself was part of a Nagios-style monitoring solution and was executed as part of a plug-in. The system monitoring was part of the base template of the virtual machine.

But why would a PowerShell script trigger MsiInstaller?

The script was using a Get-WmiObject query to fetch an inventory of installed software on the server.

To quote Ed Wilson (The Scripting Guy):

"This would not a terrible thing to do in your dev or test environment. However, I would not recommend querying Win32_Product in your production environment unless you are in a maintenance window."

Think of running such a query on an Exchange Server 2013 in production environment (which I did just for the sake of it) triggers the "reconfiguration" of all installed software on the server. The number of generated event log entries will drive you (as an Administrator) crazy.

If you are in need to get an inventory of the installed software on server, do not use the Win32_Product class.

Instead follow the advice given by Ed Wilson to query the Windows Registry and fetch the data provided under

HKLM:\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall 

PowerShell Query:

Get-ItemProperty HKLM:\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | Select-Object DisplayName, DisplayVersion, Publisher, InstallDate | Format-Table –AutoSize 

Enjoy.

Links

 

Note: This post was published oroginally on 2015-02-25 on my retired blog SF-Tools.

 

 

Read More »