de-DEen-GB
 
rss

Just can't get enough of IT

This blog is about mostly anything in IT. But the primary focuses are Microsoft Technologies like Exchange, Office 365, Azure and Cloud Security.

When you run the following cmdlet to prepare Active Directory for the installation of an Exchange Server Cumulative Update (in this case CU17) you might encounter a System.UnauthorizedAccessException

D:\tmp\Cu17>setup.exe /PrepareAD /IAcceptExchangeServerLicenseTerms

Microsoft Exchange Server 2013 Cumulative Update 17 Unattended Setup


Unhandled Exception: System.UnauthorizedAccessException: Access to the path 'C:\
Windows\Temp\ExchangeSetup\ExSetup.exe' is denied.
   at System.IO.__Error.WinIOError(Int32 errorCode, String maybeFullPath)
   at System.IO.File.SetAttributes(String path, FileAttributes fileAttributes)
   at Microsoft.Exchange.Setup.CommonBase.SetupHelper.DeleteDirectory(String pat
h)
   at Microsoft.Exchange.Bootstrapper.Setup.BootstrapperBase.CopySetupBootstrapp
erFiles()
   at Microsoft.Exchange.Bootstrapper.Setup.Setup.Run()
   at Microsoft.Exchange.Bootstrapper.Setup.BootstrapperBase.MainCore[T](String[
] args)
   at Microsoft.Exchange.Bootstrapper.Setup.Setup.Main(String[] args)

 

There is a simple reason for the the System.UnauthorizedAccessException:

  • .NET Framework Optimization Service 

The required .NET Framework 4.6.2 had been installed just minutes before executing setup.exe. Preparation of the Active Directory schema ran without any issues. But when the /PrepareSchema call finished, the temporary folder in C:\Windows\Temp\ExchangeSetup could not be fully cleaned up, as mscorsvw.exe had an open file handle on ExSetup.exe.

Additionally, when you run Setup.exe and the folder C:\Windows\Temp\ExchangeSetup exists, the setup will not try to copy required installation files. Regardless if the folder files exists in the folder or not.

.NET Optimization process running

Solution

  • End both mscorsw.exe processes or wait until both process have finished optimizing your .NET Framework applications
  • Manully delete the folder C:\Windows\Temp\ExchangeSetup
  • Run the required Exchange setup step again
D:\tmp\Cu17>setup.exe /PrepareAD /IAcceptExchangeServerLicenseTerms

Microsoft Exchange Server 2013 Cumulative Update 17 Unattended Setup

Copying Files...
File copy complete. Setup will now collect additional information needed for
installation.

Performing Microsoft Exchange Server Prerequisite Check

    Prerequisite Analysis                                     COMPLETED

Configuring Microsoft Exchange Server

    Organization Preparation                                  COMPLETED

The Exchange Server setup operation completed successfully.

 

Enjoy Exchange!

 

 

 

 

 

 

Read More »

The PowerShell module GlobalFunctions got updated to Version 2.0. This module is used by some of my PowerShell scripts which utilize centralized logging. 

The new release contains the first functions required for some upcoming scripts for managing on-boarding process for joiners and the off-boarding process for leavers for companies utilizing Office 365.

Changes

  • File encoding switch from UTF8 to Unicode
  • New functions
    • Format-SpecialCharactersUpperCase
    • New-RandomPassword

Notes

The New-RandomPassword functions is based on Simon Wahlin's script published here: https://gallery.technet.microsoft.com/scriptcenter/Generate-a-random-and-5c879ed5

Links

 

 

 

 

Read More »

Problem

The Skype for Business client merges contact data from different sources when displaying the contact card. The merged data is used to perform name resolution when performing a user search. In a more complex deployment scenario where an email domain name is in shared use in two in Active Directory forests you might run into a situation where the Skype for Business client tries to use the wrong target address.

Such a scenario would look like as follows.

Forest A is used as a dedicated infrastructure for developers. When logged on to the development network the users should be able to skype with colleagues currently connected to the default office client network.

Forest B is the default office client network.

Clients logged on to forest A connect to the Skype for Business infrastructure in forest B as external clients. Forest A is used for user account authentication while forest B is used for Skype for Business connection and authentication. 

Forest A

Forest A runs an Exchange Server 2013 organization.

  • Active Directory domain: SednaDevelopers.com
  • SMTP domains: dev.Sedna-Ltd.com, Sedna-Ltd.com

Forest B

Forest B runs an Exchange Server 2013 organization and a full Skype for Business 2015 server deployment.

  • Active Directory domains:
    • root.internal - Forest root, resource domain with Skype for Business 2015, Exchange 2013
    • Sedna-ltd.com - user domain, primary email domain
  • SMTP domain: Sedna-Ltd.com

Both Active Directory forests to not have trust of any sort established.

Such a configuration would result in forest A users trying to contact a Skype for Business user using the wrong address. Instead of using John.Doe@Sedna-Ltd.com the Skype for Business client of Jane Doe@Sedna-Ltd.com (logged on to forest A) would try to contact John.Doe@dev.Sedna-Ltd.com. As there is no endpoint defined for dev.Sedna-Ltd.com a connection could not be established. Therefore, no availability information is available and no call or chat connection could be established.

Reason

The Skype for Business client uses merged data pulled from the Skype for Business address and from the local (Forest A) Active Directory (GAL). This results in a connection attempt to John.Doe@dev.Sedna-Ltd.com.

Forest A object attributes

  • proxyAddresses: SMTP:John.Doe@dev.Sedna-Ltd.com
  • proxyAddresses: smtp:John.Doe@Sedna-Ltd.com
  • msExchShadowProxyAddresses: sip:John.Doe@Sedna-Ltd.com
  • msExchShadowProxyAddresses: SMTP:John.Doe@dev.Sedna-Ltd.com
  • msExchShadowProxyAddresses: smtp:John.Doe@Sedna-Ltd.com
  • msRTCSIP-UserEnabled: TRUE
  • msRTCSIP-PrimaryUserAddress: John.Doe@Sedna-Ltd.com

Forest B object attributes

  • proxyAddresses: sip:John.Doe@Sedna-Ltd.com
  • proxyAddresses: SMTP:John.Doe@Sedna-Ltd.com
  • msRTCSP-InternetAccessEnabled: TRUE
  • msRTCSIP-UserEnabled: TRUE
  • msRTCSIP-PrimaryUserAddress: John.Doe@Sedna-Ltd.com

Solution

  • Create a new text file named ocapi_test.config.xml using notepad
  • Add the following Xml text
<?xml version="1.0"?> 
<settings> 
  <UseMsoSearch>false</UseMsoSearch> 
</settings>
  • Save the file in same directory as Lync.exe
  • Terminate the Skype for Business client
  • Delete all files from the users SIP folder
    • e.g. C:\Users\JDOE\AppData\Local\Microsoft\Office\16.0\Lync\sip_Jane.Doe@Sedna-Ltd.com
  • Restart the Skype for Business client

 

Enjoy Skype for Business

 

 

 

 

Read More »

The community script Update-CASMailbox simplifies the process for enabling or disabling protocols for Exchange mailbox access. Active Directory security groups are used to enable or disable a protocol for the group members.

Example

Your Active Directory contains a security group named Exchange_POP_enabled which contains all mailbox users requiring POP3 access to be enabled.

You can use the following command to have POP3 enabled for all members of the given security group.

.\Update-CAS-Mailbox.ps1 -POP -FeatureEnabled $true -GroupName Exchange_POP_enabled

The script does not disable the POP3 for all non-members, as this might not be required as all new mailboxes have POP3 disabled anyway. If there is such a requirement, just let me know.

The following protocols are currently supported:

  • POP
  • IMAP
  • Outlook on the Web (OWA)
  • ActiveSync

Links

 


You need assistance with your Exchange Server setup? You have questions about your Exchange Server infrastructure and going hybrid with Office 365? You are interested in what Exchange Server 2016 has to offer for your environment?

Contact me at thomas@mcsmemail.de
Follow at https://twitter.com/stensitzki

Read More »