Redirecting Webmail (OWA) URLs in IIS for All Exchange Versions

In this post I will show you how to redirect all OWA requests to the correct HTTPS address. It works not only with OWA, but with EWS and/or ECP.

I’ve been doing this for as long as I can remember in Exchange 2007/2010/2013 so that requests go automatically to https://owa.customer.com/owa (or /exchange). So, if someone goes to http://owa.customer.com or https://owa.customer.com, they get redirected to the correct (secure) URL.

Windows 10 Anniversary Update vs Bitlocker. Error 0xc00000bd

 

Yesterday I decided to make some Updates and one of them was the Windows 10 Anniversary Update. I heard that there are many problems, but I decided to risk. Basically the news of this Update are these: https://www.microsoft.com/en-us/windows/features

The installation went smoothly and the Windows version went from 1511 to 1607. Only one reboot ahead... oh.. did I said that my computar had bitlocker configured? So, after restart it I put my bitlocker PIN and then, for the first time, I had to enter the Bitlocker Recovery key (yes, that key that we must save in the USB stick or print. If you have Bitlocker, please keep in mind that this key is very important and should always be present. I have mine in a Cloud service. I think it is a good option).

Then, after I entered the numerical key, a BSOD appeared (Blue Screen of Death) with 0xc00000bd.
Something like this:

Recovery

         Your PC/Device needs to be repaired

         A required device isn't connected or can't be accessed.

         Error code: 0xc00000bd

         You'll need to use recovery tools. If you don't have any installation media (like a disc or USB

         device), contact your PC administrator or PC/Device manufacturer.

         Press Enter to try again         Press F8 for Startup Settings

In short, I lost access to my disk drive and Windows could not start up. I could not put a DVD to repair, because the system could  not recognize the Drive. Let's see how to solve this situation without loosing data.

Working with NLB - RDP Not Working with Black Screen. Some Considerations

Windows Network Load Balancing (NLB) is a feature that distributes network traffic among multiple servers or virtual machines within a cluster to avoid overloading any hosts and improve performance. The Network Load Balancing feature uses the TCP/IP networking protocol to route traffic to different hosts based on a user's settings and a proprietary Microsoft distribution algorithm. The feature is available in Microsoft Windows Server 2008, 2008 R2, 2012 and 2012 R2 operating systems.

Network Load Balancing can also ensure network traffic is re-routed to remaining hosts if one or more hosts within the cluster fail unexpectedly. A Network Load Balancing cluster can scale up to 32 servers/nodes.

We can use NLB when configuring Terminal Servers High Availability. Let's take for instance the picture below:

All the Internal Users and possible External Users can use the VIP Address of the NLB to reach one of the Terminal Servers. If one Server is Down, the NLB automatically redirects all the requests to the remaining one. The same happens with WebServers.
 

Let's see some of the most common problems and considerations:

 

Root Access Technicolor Router

I noticed that my public IP was pingable from the outside, but I never had the chance to disable this option. Yesterday, I spent some time and I found that this option is only visible by command line and we need to have ROOT on the device (WTH). By default, the ISP only provides us the Administrator user to do some "basic" tasks. So, I had to have root access :)

The router in question is a Technicolor TG784n.v3 but it might work with other versions.

Let's see how to do it!

Windows Time Server Configuration

Usually when I install a new Windows domain or want to change the time server, I have to perform some steps. The settings are as follows:

Prevent Cryptolocker Ransomware

UPDATED!

Increasingly this subject have an extreme importance, especially in business and where the data is more sensitive.

 

For those who are unaware, this type of ransomware (after the user access any site and/or click on an executable file that is usually sent by email) encrypts all data that the user has access, including mapped drives. After this encryption the user is prompted to pay a certain amount (usually 500 euros/dollars) to have access to the decryption key. There is no solution! Only prevention.

 

In this Post I will show you nine ways of prevention!

Migrate Exchange 2007-2010 Public Folders to Exchange 2013

 

In this Post I wil show you how to migrate Public folders from an earlier Exchange to Exchange 2013 (The process is the same in Exchange 2007 and 2010). It will not work with Exchange 2003.

First of all, the requirements:

• The user that will do the migration must belong to Organization Management and Recipient Management groups (Active Directory);
• All the mailboxes must already be in Exchange 2013 (All Mailboxes migrated). I will not cover in this Post how to migrate Mailboxes;
• The Public Folders migration must be planned (because there is a downtime);
• Before the migration, do a Full Backup of the legacy Exchange Server and Public Folders.

 The Migration process:

1. Download the migration Scripts;
2. Prepare the Migration;
3. Generate the CSV files;
4. Create the Public Folders Mailboxes in Exchange 2013;
5. Start the Migration;
6. Lock the Public Folders to Finalize the migration (requires downtime);
7. Finalize the Migration;
8. Unlock and Test the Public Folders.

Side Notes:

• Can not exist Public Folders in Exchange 2013 before the migration;
• All DNS Records must "point" to Exchange 2013 (like webmail, autodiscover, etc.);
• For some reason, if there are any Mailbox in Exchange Legacy, the public folder will be pointing to the Exchange Legacy;
• If there are Public Folders already created in Exchange 2013, all Migrated Mailboxes will automatically be pointing to the Exchange 2013 Public Folder instead of Exchange Legacy.

 

Ok, now that we have all the requirements, let's start!

VMware Package Tools

Sometimes when we install a virtual machine with applications and drivers that are not standard, we have difficulty installing VMware Tools. So, in this post I will provide you a link where you can find all the drivers from all VMware versions. With this you can install a single driver or you can troubleshoot a spcific issue.

The page looks like this:

How to Recreate Active Directory Default Domain Policy GPO

A few months ago, I had a problem in a costumer where the Default GPOs ("Default Domain Policy"or/and the "Default Domain Controller Policy") were corrupted. I think the error was 0xc00ce509 and this will usually show up in the Group Policy management console.
If you have this errors, then your GPOs are not being applied at all.

The solution is simple!

Publishing Exchange 2010 Services in ISA 2006 or TMG 2010 with Certificates

 

 

In this Post I will show you how to Publish all of the Exchange Services in Firewall Rules (with certificates) so you can access it through Webmail, ActiveSync and/or Outlook Anywhere.

This will work with Microsoft Exchange 2007/2010 and Microsoft ISA 2006 and TMG 2010. Other versions of Exchange will work, but you will need to change some of the paths in the Firewall.

The Steps are:

1. Create and Import the Certificates;
2. Configure the Exchange Server;
3. Create the Web Listener in the Firewall;
4. Configure of the Publishing Rules
1. WebMail (OWA)
2. Outlook Anywhere
3. ActiveSync
5. Troubleshooting

With this configuration you can access your Email from Outside/Internet using your favorite browser or any mobile application that use Exchange Services or ActiveSync. With Outlook Anywhere you can use your Outlook like you were in the Office.

So, let's begin!

Remotely Enable Remote Desktop in Windows

In this Post I will show you how to Remotely enable Remote Desktop in Windows. It will work in all versions of Windows from 7 to 10. By default Windows 7 doesn't allow Remote Desktop connections and this has to be enabled by the user (or set via group policy). What happens if you eed quick remote access to a desktop? If you're in a domain environment you may just be in luck. There are four steps needed to remotely enable RDP connections.

1. Open ports in the Windows firewall
2. Start the Remote Registry service
3. Change a registry setting to enable Remote Desktop
4. Start the Remote Desktop service

How to Get Rid of the Notification Upgrade to Windows 10

 

To get rid of the icon that is always appearing in Windows 7, 8 and 8.1 permanently, you must follow this steps:
 

•   Uninstall KB3035583 which is responsible for these notifications:
• Control panel, windows update, installed updates, sort by name, "Update for Microsoft Windows KB3035583" (not a Security Update) and uninstall;
• Reboot.

An alternative method is to open a command promp and enter the following:

• wusa /uninstall /KB:3035583

When you're offered the same Update again via Windows Update remember to hide it. If you are using some kind of central patching like WSUS, remember to not Approve this Update.

SCCM 2012 Error 0x8007000F & 0x80070490

I have installed several SCCM (2007, 2012) and in all of them I have to troubleshoot something :) Yeah! In this case it was an error 0x8007000F \ 0x80070490 when I deployed an image to some Computers that already had an image deployed previously.

Step-by-Step - Disaster Recovery From Hyper-V 2012 R2 to Azure - PART2

Hello guys, in the last PART of this article I prepared all the Hyper -V infrastructure and Azure for Disaster Recovery. In this part we will see how we test it in different ways

1. Testing Failover On-Premises to Azure;
2. Failover Planned On-Premises to Azure;
3. Failover Planned Azure to On-Premises;
4. Failover UnPlanned On-Premises to Azure;
5. Failover UnPlanned Azure to On-Premises.

Step-by-Step - Disaster Recovery From Hyper-V 2012 R2 to Azure - PART1

In the following two articles I will show you how to make a copy of virtual machines from Hyper-V to Azure and thus set up a Disaster Recovery with VM replication. How cool is that? :)

 

Requirements:

• Only for VMs in Windows Server 2008 R2 or higher;
• For this scenario it will be necessary a Virtual Machine with Virtual Machine Manager 2012 R2 installed (VMM) and Hyper-V 2012 R2;
• Node(s) in the Hyper-V and VMM must have access to the Internet (ports 80 and 443), so we can replicate information;
• You can create a Site-to-Site VPN for Azure DR so that there is communication between On-Premises and DR VMs (Optional);
• Like previuos point, you can create a Point-to-site network so that users can access Azure DR VMs (Optional);
• Geo-Redundant storage for VMs replicas.

SCCM 2012 Troubleshooting Tools

I have installed and configured, for many years, one of the most useful tools of Microsoft, SCCM 2012 (Microsoft System Center Configurations Manager 2012) and the Troubleshooting is not so easy. So in this post I'll reference some of the best apps to do it. You can download the Trial Version of SCCM from here: https://www.microsoft.com/en-us/evalcenter/evaluate-system-center-2012-r2-configuration-manager-and-endpoint-protection

The Management Console has many options to control all the Servers, Clients and Mobile Phones, but there are some other tools that can help the Administrators to achive that objective, and most important is that they are free! I will name some of them.

Hotfix KB2830145 can't be installed - SID S-1-18-1 and SID S-1-18-2

If you have a Forest and Domain in Windows Server 2003 Level and Migrate to Windows Server 2012 (R2) Level, you may encounter some errors mapping users (Sharepoint or .NET errors).
The crux of the issue is that Windows Server 2012 (and above) introduce two new SIDs. The problem is that Windows 7 and Windows Server 2008 R2 clients do not know about these SIDs (SID S-1-18-1 and SID S-1-18-2) because when they were written these particular SIDs didn’t exist.

The Solution from Microsoft is to install the Patch KB2830145 in all that Servers and Clients. It seems simple, but when you try to install, you might have some errors or the patch can take some days (yes, I said days) to install.

To check if you have this issue on one of the servers, try to use the psgetsid.exe tool (downloaded from https://technet.microsoft.com/en-us/sysinternals/bb897417.aspx)

Exchange Server 2007 Lost - How to Recover Installation and Definitions on a New Server

To end the year smoothly (or not!), I recently had a costumer that lost the Physical Exchange server because a corruption of the disks after a power failure.
The worst fear of any Microsoft Exchange Server administrator is a complete crash of the Exchange server.
First thing to ask.. Backups! Ok, we have backups from the Exchange databases, but not from the Operational System and Exchange Installation.
In this post I'll show how to recover step by step a exchange server (in this case Exchange 2007 with Windows Server 2008. It applies to Exchange 2010 and Windows Server 2003 too) with the following roles: Mailbox, Client Access, Hub Transport, and Management Tools from scratch.