Wednesday, December 8, 2010

How to remove old Entries of Outlook Nickname Cache

SUMMARY

Microsoft Outlook maintains a nickname list that is used by both the automatic name checking and the automatic completion features. The nickname list is automatically generated as you use Outlook. If the nickname cache is corrupted, Outlook may not be able to identify recipients, may offer incorrect recipients when automatically completing the e-mail address, or may send the message to the wrong person.

Unlike earlier versions of Outlook that store the nickname cache in a file on your hard drive, Outlook 2010 stores the nickname cache in your primary message store. For example, if you are using a Microsoft Exchange Server account, your nickname cache is stored in a hidden message in your mailbox.
 

MORE INFORMATION

How to remove nickname cache entries, one at a time

Outlook 2010

  1. Open a new email message.
  2. Type the first few characters of the nickname cache entry that you want to remove from the cache.
  3. When the entry appears in the "suggested names" list, move your mouse pointer over the name until it becomes highlighted. (But do not click the name).
  4. When the "X" icon appears next to the highlighted name, click X to remove the name from the list.

Outlook 2007 or Outlook 2003

  1. Open a new email message.
  2. Type the first few characters of the nickname cache entry that you want to remove from the cache.
  3. When the entry appears in the "suggested names" list, use the UP and DOWN arrow keys on your keyboard to select the entry, and then press DELETE on your keyboard.

How to clear the whole nickname cache

Outlook 2010

Use one of the following methods to reset the whole Outlook nickname cache for Microsoft Outlook 2010. 

Method 1

  1. With Outlook 2010 open, click File (BackStage), and then click Options.
  2. Click the Mail tab.
  3. Under Send Messages, click Empty Auto-Complete List.
Outlook will generate a new nickname cache.


Method 2

  1. Click Start, and then click Run.
  2. Start Outlook by using the /CleanAutoCompleteCache switch.

    For example: Outlook.exe /CleanAutoCompleteCache

    Note If Outlook is not installed in the default location, you must point to the path of Outlook.exe. 
Outlook will generate a new nickname cache.

Outlook 2002 through Outlook 2007

Windows 7 or Windows Vista: Use the following steps to reset the whole Outlook nickname cache.
  1. Exit Outlook.
  2. Click Start, and then click Computer.
  3. Click Organize, and then click Folder and search options.
  4. On the View tab, click to enable the Show hidden files, folders, and drives option.
  5. Click OK.
  6. On the Start menu, click All Programs, click Accessories, and then click Run.
  7. In the Run dialog box, type the following command (including the quotation marks), and then click OK:

    "C:\Users\UserName\AppData\Roaming\Microsoft\Outlook"


    Note Username in this path is the name of the currently logged on Windows user.
  8. Right-click the .NK2 file that has the name of the profile that you want to reset, and then click Rename.
  9. Rename the file as profilename.bak, and then press ENTER.
  10. Start Outlook.
 Windows XP: Use the following steps to reset the whole Outlook nickname cache.
  1. Quit Outlook.
  2. Click Start, and then click Search.
  3. In the Search Companion left-side panel, click All files or folders.
  4. In the All or part of the file name: box, type *.NK2.
  5. In the Look In box, click to select your local hard disk.
  6. Click More advanced options, click to select Search hidden files and folders check box.
  7. Click Search.
  8. Right-click the .NK2 file with the name of the profile that you want to reset, and then click Rename.
  9. Rename the file to profilename.bak, and then press ENTER.
  10. Quit Windows Explorer.
  11. Restart Outlook.
Outlook will generate a new nickname cache.

Use the steps in the following section to reset the Outlook nickname cache for both Microsoft Windows 2000 and Microsoft Windows Millennium Edition (Me).
  1. Quit Outlook.
  2. Start Windows Explorer.
  3. On the Tools menu, click Folder Options, and then click the View tab.
  4. Under Advanced Settings, click to select the Show hidden files and folders check box.
  5. Click OK.
  6. Click Start, point to Search, and then click For Files or Folders.
  7. In the Search for Files and Folders box, type *.NK2 in the Search for files or folders named box.
  8. In the Look In box, click to select your local hard disk.
  9. Click Search Now.
  10. Right-click the .NK2 file with the name of the profile that you want to reset, and then click Rename.
  11. Rename the file to profilename.bak, and then press ENTER.
  12. Quit Windows Explorer.
  13. Restart Outlook.
Outlook will generate a new nickname cache.

Use the steps in the following section to reset the Outlook nickname cache for both Microsoft Windows NT 4.0 and Microsoft Windows 98:
  1. Quit Outlook.
  2. Start Windows Explorer.
  3. On the Tools menu, click Folder Options, and then click the View tab.
  4. Under Advanced Settings, click to select the Show all files check box.
  5. Click OK.
  6. Click Start, point to Search, and then click For Files or Folders.
  7. In the Named box, type *.NK2.
  8. In the Look In box, click to select your local hard disk.
  9. Click Find Now.
  10. Right-click the .NK2 file with the name of the profile that you want to reset, and then click Rename.
  11. Rename the file to profilename.bak, and then press ENTER.
  12. Quit Windows Explorer.
  13. Restart Outlook.
Outlook will generate a new nickname cache.
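
The rename procedure above can also be scripted. The following PowerShell function is an added example, not part of the original article; it assumes Outlook 2002 through 2007 with the .NK2 file in the folder shown in the Windows 7 / Windows Vista steps, and the function and parameter names are made up for illustration.

```powershell
# Added example (not from the original article).
# Assumption: the .NK2 file is in %APPDATA%\Microsoft\Outlook, the folder shown
# in the Windows 7 / Windows Vista steps above.
function Reset-OutlookNicknameCache {
    [CmdletBinding(SupportsShouldProcess = $true)]
    param(
        [Parameter(Mandatory = $true)]
        [string]$ProfileName,     # Outlook profile whose nickname cache is reset
        [string]$CacheFolder = (Join-Path $env:APPDATA 'Microsoft\Outlook')
    )

    # Step 1 of the procedure: Outlook has to be closed before the file is renamed.
    if (Get-Process -Name OUTLOOK -ErrorAction SilentlyContinue) {
        throw 'Outlook is still running. Exit Outlook and run the function again.'
    }

    $nk2 = Join-Path $CacheFolder "$ProfileName.NK2"
    if (-not (Test-Path -Path $nk2)) {
        # List the .NK2 files that do exist so a mistyped profile name is easy to spot.
        $found = Get-ChildItem -Path $CacheFolder -Filter *.NK2 -Force -ErrorAction SilentlyContinue |
                 ForEach-Object { $_.Name }
        throw "No $ProfileName.NK2 in $CacheFolder. Found: $($found -join ', ')"
    }

    # Keep an older profilename.bak under a timestamped name instead of overwriting it.
    $bakName = "$ProfileName.bak"
    $bakPath = Join-Path $CacheFolder $bakName
    if (Test-Path -Path $bakPath) {
        $stamp = Get-Date -Format 'yyyyMMdd-HHmmss'
        if ($PSCmdlet.ShouldProcess($bakPath, "Rename to $ProfileName.$stamp.bak")) {
            Rename-Item -Path $bakPath -NewName "$ProfileName.$stamp.bak"
        }
    }

    # Rename profilename.NK2 to profilename.bak; Outlook builds a new cache on next start.
    if ($PSCmdlet.ShouldProcess($nk2, "Rename to $bakName")) {
        Rename-Item -Path $nk2 -NewName $bakName
    }
}

# Preview the change for the profile named "Outlook" without touching any file:
# Reset-OutlookNicknameCache -ProfileName 'Outlook' -WhatIf
```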

Monday, November 8, 2010

Upgrading an Active Directory Domain from Windows Server 2003 to Windows Server 2008 or Windows Server 2008 R2


!!!NEVER START BEFORE HAVING CREATED AND TESTED A BACKUP OF YOUR DATA/MACHINE!!!

If Exchange 2003 is installed in the domain, read the following article first: Exchange requirements. Otherwise follow the steps below.

- On the old server, open the DNS management console and check that you are running Active Directory integrated zones (easier for replication if you have more than one DNS server)

- Run replmon from the Run line or repadmin /showrepl (only if more than one DC exists), and dcdiag and netdiag from the command prompt on the old machine to check for errors; if there are any, resolve them first. For these tools you have to install support\tools\suptools.msi from the 2003 installation disk.

- Run adprep /forestprep, adprep /domainprep and adprep /rodcprep from the 2008 installation disk against the 2003 schema master (forestprep) / infrastructure master (domainprep/rodcprep), with an account that is a member of the Schema/Enterprise/Domain admins, to upgrade the schema to the new version (44) or, for 2008 R2, (47). The Windows Server 2008 R2 disk contains both adprep32.exe (32-bit) and adprep.exe (64-bit), so make sure to use the correct version.

- see here about adprep in detail (http://technet.microsoft.com/en-us/library/cc731728(WS.10).aspx)

- you can check the schema version with "schupgr" or "dsquery * cn=schema,cn=configuration,dc=domainname,dc=local -scope base -attr objectVersion" without the quotes in a command prompt

- Install the new machine as a member server in your existing domain

- configure a fixed IP address and set the preferred DNS server to the old DNS server only. Think about disabling IPv6 if you are not using it, because some known problems exist with it. Follow (http://blogs.dirteam.com/blogs/paulbergson/archive/2009/03/19/disabling-ipv6-on-windows-2008.aspx) to disable it

- run dcpromo and follow the wizard to add the 2008 server to an existing domain, make it also Global catalog and DNS server.

- for DNS give the server time for replication, at least 15 minutes. Because you use Active directory integrated zones it will automatically replicate the zones to the new server. Open DNS management console to check that they appear

- if the new machine is domain controller and DNS server run again replmon, dcdiag and netdiag (copy the netdiag from the 2003 to 2008, will work) on both domain controllers

- Transfer, NOT seize, the 5 FSMO roles to the new domain controller (http://support.microsoft.com/kb/324801, which also applies to 2008). The FSMO roles should always be on the DC with the newest OS

- After transferring the PDCEmulator role, configure the NEW PDCEmulator to use an external time source and reconfigure the old PDCEmulator to use the domain hierarchy. To do so, run on the NEW one "w32tm /config /manualpeerlist:PEERS /syncfromflags:manual /reliable:yes /update", where PEERS is the IP address or name of the time server (time.windows.com), and on the OLD one run "w32tm /config /syncfromflags:domhier /reliable:no /update", then stop/start the time service on the old one. Run all commands in an elevated command prompt, without the quotes.

- you can see in the event viewer (Directory service) that the roles are transferred, also give it some time

- reconfigure the DNS configuration on your NIC of the 2008 server, preferred DNS itself, secondary the old one

- if you use DHCP do not forget to reconfigure the scope settings to point to the new installed DNS server

- if needed move the DHCP database to the Windows server 2008 machine, follow (http://support.microsoft.com/kb/962355), for more details see (http://technet.microsoft.com/en-us/library/cc772372.aspx)

Demoting the old DC (if needed)

- reconfigure your clients/servers so that they no longer point to the old DC/DNS server on the NIC

- to be sure that everything runs fine, disconnect the old DC from the network and check connectivity and logon with clients and servers, and restart one client to see that everything is OK

- then run dcpromo to demote the old DC. If it works, the machine moves from the DC's OU to the Computers container, where you can delete it by hand. If you get an error at the beginning of the demotion, uncheck Global catalog on that DC and try again

- check in the DNS management console that all entries for the machine have disappeared, or delete them by hand if the machine is off the network for good

- you also have to start AD Sites and Services and delete the old server name under the site; this is not done during demotion

Monday, October 18, 2010

MSExchangeRepl 2147 / MSExchangeRepl 2104 / MSExchangeRepl 2127 occurring on Windows 2008 or Windows 2008 R2 with Exchange 2007 Cluster Continuous Replication (CCR)

When Exchange 2007 CCR is installed on Windows 2008 or Windows 2008 R2 the following error may be noted in the application log of the passive node:

Log Name: Application
Source: MSExchangeRepl
Event ID: 2104
Task Category: Service
Level: Error
Keywords: Classic
User: N/A
Computer: MACHINE
Description:
Log file action LogCopy failed for storage group EXCLUST01\SG2. Reason:
CreateFile(
\\Server\StorageGroupGUID$\LogFile.log) = 2

If the CCR cluster is not utilizing continuous replication host names the following event series may also be noted:

Event ID : 2147
Raw Event ID : 2147
Source : MSExchangeRepl
Type : Error
Machine : SERVER
Message : There was a problem with 'ActiveNode', which is an alternate name for 'ActiveNode'. The list of aliases is now 'ActiveNode', and the alias 'was' removed from the list. The specific problem is 'CreateFile(
\\ActiveNode\StorageGroupGuid$\LogFile.log) = 2'.

ID:       2127
Level:    Information
Provider: MSExchangeRepl
Machine:  SERVER
Message:  The system has detected a change in the available replication networks.  The system is now using network 'ActiveNode' instead of network 'ActiveNode' for log copying from node ActiveNode.

In this situation, if the solution is aggressively monitored, you may note that replication temporarily fails and then resumes automatically as healthy.  This occurs due to a temporary pause in replication when the error condition is detected, while the replication service attempts to find other replication paths, and then automatically re-attempts the same copy operation.

If the CCR cluster is utilizing continuous replication host names the following event series may also be noted:

Event ID : 2147
Raw Event ID : 2147
Source : MSExchangeRepl
Type : Error
Machine : SERVER
Message : There was a problem with 'ReplicationHostName', which is an alternate name for 'ActiveNode'. The list of aliases is now 'ActiveNode', and the alias 'was' removed from the list. The specific problem is 'CreateFile(
\\ReplicationHostName\StorageGroupGUID$\LogFile.log) = 2'.

ID:       2127
Level:    Information
Provider: MSExchangeRepl
Machine:  SERVER
Message:  The system has detected a change in the available replication networks.  The system is now using network 'ActiveNode' instead of network 'ReplicationHostName' for log copying from node ActiveNode.

Error 2 is ERROR_FILE_NOT_FOUND

In this situation the error is detected on the replication host name.  The replication service will temporarily pause replication while other network paths are enumerated.  If other continuous replication host names are in use, the replication service will select an alternate replication host name and automatically resume log copying.  If the only valid path is the "public" path, the replication service will begin copying log files over the "public" network.  Eventually this error occurs on the public network, forcing network re-enumeration to occur and replication to automatically switch back to the replication network.  If the solution is aggressively monitored, the replication status may be failed during this switch but will automatically resume healthy.

In almost all instances these errors are considered benign to the operation of the Exchange Server.

The replication service is extremely aggressive in its attempts to copy log files.  The replication service is always aware of the next log file in the series that requires copying to the passive node.  As part of normal processes the replication service may query multiple times for the presence of this file and make copy attempts.  These attempts may result in the replication service querying for a  log file that is not fully available.  Under Windows 2003 this was not necessarily an issue.  Windows 2008 introduces a component into SMBv2 that may cause this to be a problem.

SMBv2 introduces status caching into the LanManWorkstation service.  When an application requests information from a file share, the workstation service caches the response from the server hosting the share.  Subsequent requests for the same information are returned from cache rather than re-contacting the server hosting the share.  Eventually this cache will expire (in our case it expires by the time replication is failed / resumed <or> a switch between replication host names occurs).  The replication service has received feedback that the log file in question should now be available for copy, attempts to copy it, and receives an older, cached return status that the file is not ready (even though the file does exist on the source at the time the attempt is made).  In turn the replication service detects this as an error condition and takes action.

From a Windows 2008 / Windows 2008 R2 perspective this is by design.

To correct these errors on an Exchange 2007 / Windows 2008 <or> Exchange 2007 / Windows 2008 R2 implementation, the following registry keys should be set to a zero (0) value and the nodes rebooted:

HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Lanmanworkstation\Parameters

FileInfoCacheLifetime [DWORD]

FileNotFoundCacheLifetime [DWORD]

DirectoryCacheLifetime [DWORD]

If the DWORDs (32bit)  are not present they may need to be created.  The recommended value is HEX / DEC 0.

More information on these keys can be found here: http://technet.microsoft.com/en-us/library/ff686200(WS.10).aspx  (Note that the registry path in that article is missing the SERVICES key; the path given in this blog post is the correct one.)
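
The three values can be checked and set in one pass on each CCR node. The following PowerShell function is an added example, not part of the original post; the function name is made up for illustration, and the key path and value names are the ones listed above.

```powershell
# Added example (not from the original post): report and zero the three
# LanmanWorkstation cache lifetimes named above. Run in an elevated shell.
function Set-SmbClientCacheLifetime {
    [CmdletBinding(SupportsShouldProcess = $true)]
    param(
        [string]$KeyPath = 'HKLM:\System\CurrentControlSet\Services\Lanmanworkstation\Parameters'
    )

    $names = 'FileInfoCacheLifetime', 'FileNotFoundCacheLifetime', 'DirectoryCacheLifetime'

    foreach ($name in $names) {
        # A missing value comes back as $null, which is different from an explicit 0.
        $before  = (Get-ItemProperty -Path $KeyPath -Name $name -ErrorAction SilentlyContinue).$name
        $changed = $false

        if ($before -ne 0) {
            if ($PSCmdlet.ShouldProcess("$KeyPath\$name", 'Set DWORD to 0')) {
                # -Force creates the DWORD if it is absent and overwrites it if present.
                New-ItemProperty -Path $KeyPath -Name $name -PropertyType DWord -Value 0 -Force |
                    Out-Null
                $changed = $true
            }
        }

        $after = (Get-ItemProperty -Path $KeyPath -Name $name -ErrorAction SilentlyContinue).$name

        New-Object PSObject -Property @{
            Name         = $name
            Before       = $(if ($null -eq $before) { '(not present)' } else { $before })
            After        = $(if ($null -eq $after)  { '(not present)' } else { $after })
            RebootNeeded = $changed   # the post calls for a reboot of the node after the change
        } | Select-Object Name, Before, After, RebootNeeded
    }
}

# Report only, without writing to the registry:
# Set-SmbClientCacheLifetime -WhatIf | Format-Table -AutoSize
# Apply on each node, then reboot the node:
# Set-SmbClientCacheLifetime | Format-Table -AutoSize
```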

Thursday, September 30, 2010

Get-OWAVirtualDirectory Error on Windows 2003 X64

We have an Exchange 2007 CCR Cluster on Server 2008 X64 Enterprise.

Exchange 2007 CAS / Hub Transport role on Server 2003 x64.

 

The following error appears when EMC is run from the CAS 64-bit machine:

 

--------------------------------------------------------
Microsoft Exchange Error
--------------------------------------------------------
The following error(s) were reported while loading topology information:

Get-ActiveSyncVirtualDirectory
Failed
Error:
Unable to create Internet Information Services (IIS) directory entry. Error message is: Access is denied.
. HResult = -2147024891.

Access is denied.
.
Directory Path: IIS://<SVRNAME>.<domain>.com/W3SVC/1/ROOT/Microsoft-Server-ActiveSync
Detail:
server name: <SVRNAME>.<domain>.com
local machine name: <SVRNAME>
local machine fqdn: <SVRNAME>.<domain>.com

Access is denied.

 

 


Get-OabVirtualDirectory
Failed
Error:
Unable to create Internet Information Services (IIS) directory entry. Error message is: Access is denied.
. HResult = -2147024891.

Access is denied.
.
Directory Path: IIS://<SVRNAME>.<domain>.com/W3SVC/1/ROOT/OAB
Detail:
server name: <SVRNAME>.<domain>.com
local machine name: <SVRNAME>
local machine fqdn: <SVRNAME>.<domain>.com

Access is denied.

 

 


Get-OWAVirtualDirectory
Failed
Error:
Unable to create Internet Information Services (IIS) directory entry. Error message is: Access is denied.
. HResult = -2147024891.

Access is denied.
.
Directory Path: IIS://<SVRNAME>.<domain>.com/W3SVC/1/ROOT/owa
Detail:
server name: <SVRNAME>.<domain>.com
local machine name: <SVRNAME>
local machine fqdn: <SVRNAME>.<domain>.com

Access is denied.

 

Resolution:

 

I changed the DCOM Communication Properties on the 2003 boxes to the following:

Run >> dcomcnfg

Component Services >> Computers >>
Right Click - My Computer
Choose Properties

Default Properties Tab:

Enable DCOM on this computer: Checked
Default Authentication Level: Connect
Default Impersonation Level: Impersonate

The only thing I changed was the Impersonation Level to "Impersonate", which was by default set to "Identify".

After the change, I restarted the EMC, and there were no more errors. Closing and reopening the EMC was essential or the errors would persist. Nevertheless, it is solved for now.

 

Reference:

 

http://msdn.microsoft.com/en-us/library/aa389284(VS.85).aspx
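
The settings on the Default Properties tab are machine-wide DCOM defaults, so it is worth recording them before and after such a change. The following PowerShell function is an added example, not part of the original post; it assumes the defaults are stored in the EnableDCOM, LegacyAuthenticationLevel and LegacyImpersonationLevel values under HKLM\SOFTWARE\Microsoft\Ole, and the function name is made up for illustration.

```powershell
# Added example (not from the original post): read the machine-wide DCOM defaults
# and compare them with the three settings listed in the post.
function Get-DcomDefaultSecurity {
    param(
        [string]$KeyPath = 'HKLM:\SOFTWARE\Microsoft\Ole'
    )

    # Names of the RPC authentication and impersonation level constants.
    $authNames = @{ 1 = 'None'; 2 = 'Connect'; 3 = 'Call'; 4 = 'Packet'
                    5 = 'Packet Integrity'; 6 = 'Packet Privacy' }
    $impNames  = @{ 1 = 'Anonymous'; 2 = 'Identify'; 3 = 'Impersonate'; 4 = 'Delegate' }

    function Resolve-Level($value, $names) {
        if ($null -eq $value) { return '(not set)' }
        if ($names.ContainsKey([int]$value)) { return $names[[int]$value] }
        return "Unknown ($value)"
    }

    $ole = Get-ItemProperty -Path $KeyPath

    # EnableDCOM is a string value: 'Y' corresponds to the checked box.
    $enabled = if ($ole.EnableDCOM -eq 'Y') { 'Checked' } else { 'Unchecked' }

    # Setting name, current value, value given in the post.
    $settings = @(
        @('Enable DCOM on this computer', $enabled, 'Checked'),
        @('Default Authentication Level',
          (Resolve-Level $ole.LegacyAuthenticationLevel $authNames), 'Connect'),
        @('Default Impersonation Level',
          (Resolve-Level $ole.LegacyImpersonationLevel $impNames), 'Impersonate')
    )

    foreach ($s in $settings) {
        New-Object PSObject -Property @{
            Setting     = $s[0]
            Current     = $s[1]
            ValueInPost = $s[2]
            Matches     = ($s[1] -eq $s[2])
        } | Select-Object Setting, Current, ValueInPost, Matches
    }
}

# Get-DcomDefaultSecurity | Format-Table -AutoSize
```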

 

 

Friday, August 13, 2010

How to rebuild index for Exchange 2007 DBs

Ran into an error with the Exchange 2007 DB index. Users reported that they could not find any messages from either Outlook or OWA. Checked the Exchange server event log and found two events for two of the DBs.
 
Log Name:      Application
Source:        MSExchangeIS Mailbox Store
Date:          8/5/2010 12:22:47 PM
Event ID:      1025
Task Category: General
Level:         Warning
Keywords:      Classic
User:          N/A
Computer:      MBX-1
Description:
An error occurred on database "DB1\DB1".
 Function name or description of problem: Content Indexing received an unusual and unexpect error code from MSSearch
Error: 0xc0041800
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
  <System>
    <Provider Name="MSExchangeIS Mailbox Store" />
    <EventID Qualifiers="32774">1025</EventID>
    <Level>3</Level>
    <Task>6</Task>
    <Keywords>0x80000000000000</Keywords>
    <TimeCreated SystemTime="2010-08-05T16:22:47.000Z" />
    <EventRecordID>810560</EventRecordID>
    <Channel>Application</Channel>
    <Computer>MBX-1</Computer>
    <Security />
  </System>
  <EventData>
    <Data>Content Indexing received an unusual and unexpect error code from MSSearch</Data>
    <Data>0xc0041800</Data>
    <Data>DB1\DB1</Data>
  </EventData>
</Event>
 
Log Name:      Application
Source:        MSExchange Search Indexer
Date:          8/5/2010 12:23:09 PM
Event ID:      107
Task Category: General
Level:         Warning
Keywords:      Classic
User:          N/A
Computer:      MBX-1
Description:
Exchange Search Indexer has temporarily disabled indexing of the Mailbox Database DB2\DB2 (GUID = 29df8d7a-dd2d-45fa-9852-0b079f996129) due to an error (System.ComponentModel.Win32Exception: Unknown error (0x80043613)
   at Microsoft.Exchange.Msfte.CSrchProject.SendBatch(BatchInformation batchInformation)
   at Microsoft.Exchange.Search.NotificationQueue.ProcessingProcedure()).
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
  <System>
    <Provider Name="MSExchange Search Indexer" />
    <EventID Qualifiers="32772">107</EventID>
    <Level>3</Level>
    <Task>1</Task>
    <Keywords>0x80000000000000</Keywords>
    <TimeCreated SystemTime="2010-08-05T16:23:09.000Z" />
    <EventRecordID>810563</EventRecordID>
    <Channel>Application</Channel>
    <Computer>MBX-1</Computer>
    <Security />
  </System>
  <EventData>
    <Data>DB2\DB2</Data>
    <Data>29df8d7a-dd2d-45fa-9852-0b079f996129</Data>
    <Data>System.ComponentModel.Win32Exception: Unknown error (0x80043613)
   at Microsoft.Exchange.Msfte.CSrchProject.SendBatch(BatchInformation batchInformation)
   at Microsoft.Exchange.Search.NotificationQueue.ProcessingProcedure()</Data>
  </EventData>
</Event>
Based on these events, we decided to rebuild the index for these two troubled DBs. After reindexing, everything went back to normal and users could search their mailboxes again.
 
Here is the list of cmdlets I used for the reindex. (Note: please plan to run the cmdlets off hours, since they use CPU resources.)
 
1. GetSearchIndexForDatabase -All
    to get list of index folder of all DBs. You will notice that these two troubled index folder's last modified date is not current.
 
2. ResetSearchIndex.ps1 -force  DB1
    ResetSearchIndex.ps1 -force  DB2
 
Note: it only needs the DB name. It does not ask for the Storage Group name or server name.
 

Sunday, August 8, 2010

How to transfer FSMO roles using Ntdsutil utility

Transfer FSMO roles

To transfer the FSMO roles by using the Ntdsutil utility, follow these steps:
  1. Log on to a Windows 2000 Server-based or Windows Server 2003-based member computer or domain controller that is located in the forest where FSMO roles are being transferred. We recommend that you log on to the domain controller that you are assigning FSMO roles to. The logged-on user should be a member of the Enterprise Administrators group to transfer Schema master or Domain naming master roles, or a member of the Domain Administrators group of the domain where the PDC emulator, RID master and the Infrastructure master roles are being transferred.
  2. Click Start, click Run, type ntdsutil in the Open box, and then click OK.
  3. Type roles, and then press ENTER.

    Note To see a list of available commands at any one of the prompts in the Ntdsutil utility, type ?, and then press ENTER.
  4. Type connections, and then press ENTER.
  5. Type connect to server servername, and then press ENTER, where servername is the name of the domain controller you want to assign the FSMO role to.
  6. At the server connections prompt, type q, and then press ENTER.
  7. Type transfer role, where role is the role that you want to transfer. For a list of roles that you can transfer, type ? at the fsmo maintenance prompt, and then press ENTER, or see the list of roles at the start of this article. For example, to transfer the RID master role, type transfer rid master. The one exception is for the PDC emulator role, whose syntax is transfer pdc, not transfer pdc emulator.
  8. At the fsmo maintenance prompt, type q, and then press ENTER to gain access to the ntdsutil prompt. Type q, and then press ENTER to quit the Ntdsutil utility.

How to Seize FSMO Roles

Seize FSMO roles

To seize the FSMO roles by using the Ntdsutil utility, follow these steps:
  1. Log on to a Windows 2000 Server-based or Windows Server 2003-based member computer or domain controller that is located in the forest where FSMO roles are being seized. We recommend that you log on to the domain controller that you are assigning FSMO roles to. The logged-on user should be a member of the Enterprise Administrators group to transfer schema or domain naming master roles, or a member of the Domain Administrators group of the domain where the PDC emulator, RID master and the Infrastructure master roles are being transferred.
  2. Click Start, click Run, type ntdsutil in the Open box, and then click OK.
  3. Type roles, and then press ENTER.
  4. Type connections, and then press ENTER.
  5. Type connect to server servername, and then press ENTER, where servername is the name of the domain controller that you want to assign the FSMO role to.
  6. At the server connections prompt, type q, and then press ENTER.
  7. Type seize role, where role is the role that you want to seize. For a list of roles that you can seize, type ? at the fsmo maintenance prompt, and then press ENTER, or see the list of roles at the start of this article. For example, to seize the RID master role, type seize rid master. The one exception is for the PDC emulator role, whose syntax is seize pdc, not seize pdc emulator.
  8. At the fsmo maintenance prompt, type q, and then press ENTER to gain access to the ntdsutil prompt. Type q, and then press ENTER to quit the Ntdsutil utility.
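
After a transfer or seizure it is worth confirming which domain controller the directory records as the owner of each role. The following PowerShell function is an added example, not part of the original article; it assumes a domain-joined machine, the function name is made up for illustration, and DC2008.domainname.local in the usage line is a placeholder for the target domain controller.

```powershell
# Added example (not from the original article): read the five FSMO role owners
# from the fSMORoleOwner attribute of the objects that record them.
function Get-FsmoRoleHolder {
    param(
        [string]$ExpectedHolder   # optional: DNS name of the DC that should own every role
    )

    $rootDse  = [ADSI]'LDAP://RootDSE'
    $domainNC = "$($rootDse.defaultNamingContext)"
    $configNC = "$($rootDse.configurationNamingContext)"
    $schemaNC = "$($rootDse.schemaNamingContext)"

    # Role name and the distinguished name of the object that stores its owner.
    $roles = @(
        @('Schema master',         $schemaNC),
        @('Domain naming master',  "CN=Partitions,$configNC"),
        @('PDC emulator',          $domainNC),
        @('RID master',            "CN=RID Manager`$,CN=System,$domainNC"),
        @('Infrastructure master', "CN=Infrastructure,$domainNC")
    )

    foreach ($role in $roles) {
        $entry  = [ADSI]"LDAP://$($role[1])"
        # fSMORoleOwner is the DN of the owner's "NTDS Settings" object.
        $ntdsDn = "$($entry.fSMORoleOwner)"

        if ($ntdsDn -match '\\0ADEL:') {
            # The recorded owner is a deleted DC object, so nobody can hand the role over.
            $holder = '(deleted DC object)'
        }
        else {
            # The parent of "NTDS Settings" is the server object with the DC's DNS name.
            $serverDn = $ntdsDn -replace '^CN=NTDS Settings,', ''
            $server   = [ADSI]"LDAP://$serverDn"
            $holder   = "$($server.dNSHostName)"
        }

        $result = New-Object PSObject -Property @{ Role = $role[0]; Holder = $holder } |
                  Select-Object Role, Holder
        if ($ExpectedHolder) {
            $result | Add-Member NoteProperty OnExpectedDC ($holder -ieq $ExpectedHolder)
        }
        $result
    }
}

# Any row with OnExpectedDC = False is a role that is not yet on the target DC.
# Get-FsmoRoleHolder -ExpectedHolder 'DC2008.domainname.local' | Format-Table -AutoSize
```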

Friday, April 2, 2010

Cannot find Disconnected mailbox from EMC

Issue:
 
In Exchange Management Console, under Recipient Configuration, you disconnected one mailbox and tried to reconnect it. When you check under Disconnected Mailbox, you cannot see the user you just disconnected.
 
FYI, under Disconnected Mailbox, in the action pane, I need to connect to the server (use your mailbox virtual name if it is a CCR cluster). However, the user may not appear in Disconnected Mailbox yet.
 
Solution: Go to management shell and type the following:
 
Get-MailboxDatabase | Clean-MailboxDatabase
 
Then refresh the view on Disconnected Mailbox and it should appear.

Sunday, February 7, 2010

ManifestCache Windows 2008 and Vista

Key Words: ManifestCache, Windows 2008, and Vista, Windows boot partition out of space


Many users have reported the winsxs folder growing in size. The files under %windir%\winsxs\ManifestCache\ are used by the Windows Update mechanism in Windows Server 2008 and Windows Vista. The folder acts as a cache and is capped at a certain size, so it is safe to delete these files.

You may use the following steps to remove the files under %windir%\winsxs\ManifestCache\ and release some of the disk space that the WinSXS folder takes.

 

Run the following commands from an elevated command prompt:

 

Net stop trustedinstaller

 

NOTE: Wait for it to stop and ensure it stops successfully. If you are unable to stop the service, you may need to restart your machine.

 

Takeown /f %windir%\winsxs\ManifestCache\*

Icacls %windir%\winsxs\ManifestCache\* /GRANT administrators:F

Del /q %windir%\winsxs\ManifestCache\*


Wednesday, January 27, 2010

Unique technology for enterprise customers- Windows 7 and Windows 2008 R2 - Direct Access and others

Unique technology for enterprise customers

The Windows 7 Enterprise operating system (OS) is available to Microsoft Software Assurance customers. With Windows 7 Enterprise, you can take advantage of the following features that are not available in Windows 7 Professional:

  • DirectAccess: Give mobile users seamless access to corporate networks without a need to VPN.

  • BranchCache: Decrease the time branch office users spend waiting to download files across the network.

  • Federated Search: Find information in remote repositories, including SharePoint sites, with a simple user interface.

  • BitLocker and BitLocker To Go: Help protect data on PCs and removable drives, with manageability to enforce encryption and backup of recovery keys.

  • AppLocker: Specify what software is allowed to run on a user's PCs through centrally managed but flexible Group Policies.

  • Virtual desktop infrastructure (VDI) optimizations: Improved user experience for VDI with multimon and microphone support, which have the ability to reuse virtual hard drive (VHD) images to boot a physical PC.

  • Multilingual user interface: Create a single OS image for deployment to users worldwide.

Enhance mobility and manageability with DirectAccess
  • Working outside the office is easier than ever. DirectAccess in Windows 7 and Windows Server 2008 R2 enhances the productivity of mobile workers by connecting them seamlessly and more securely to their corporate network any time they have Internet access—without the need to VPN. When your IT department enables DirectAccess, the corporate network's file shares, intranet websites, and line-of-business applications remain accessible wherever you have an Internet connection.

  • Manage remote machines more effectively. Flexibility gives IT the opportunity to service remote machines on a regular basis and ensure that mobile users stay up to date with company policies. With DirectAccess, IT administrators can manage mobile computers by updating Group Policy settings and distributing software updates any time the mobile computer has Internet connectivity, even if the user is not logged on.

  • Enhance security and access control. To keep data safer as it travels public networks, DirectAccess uses IPv6-over-IPsec to encrypt communications transmitted across the Internet. DirectAccess is designed to reduce unnecessary traffic on the corporate network by sending only traffic destined for the corporate network through the DirectAccess server (running Windows Server 2008 R2), or the administrator can choose to send all traffic through the corporate network. In addition to authenticating the computer, DirectAccess can also authenticate the user and supports multifactor authentication, such as a smart card. IT administrators can configure which intranet resources specific users can access using DirectAccess.

Improve application responsiveness with BranchCache
  • Increase branch office user productivity. BranchCache in Windows 7 helps increase the network responsiveness of applications, giving users in remote offices an experience more like working in the head office. When accessing content stored on Windows Server 2008 R2, users in a branch office don't need to wait as long to download files from headquarters. When IT enables BranchCache, a copy of data accessed from an intranet website or a file server is cached locally within the branch office. When another user on the same network requests the file, the user gets access to the content almost immediately as it is downloaded from the local cache rather than over a limited bandwidth connection back to headquarters.

  • Flexible architecture. BranchCache only serves content to users who have the right permissions and always checks to make sure it is delivering the latest version of the file. BranchCache can operate in one of two modes. In Hosted Cache mode, a server in the branch running Windows Server 2008 R2 hosts the cached files. In the second mode, Distributed Cache, a branch server is not required; copies of files are directly cached on PCs in the branch and sent to other Windows 7 clients as needed.

  • Versatile and efficient protocols. BranchCache only retrieves data from headquarters when the user requests it. Because it is a passive cache, it decreases bandwidth utilization between headquarters and the branch. BranchCache only caches read requests, so it will never interfere with a user saving a file. BranchCache supports common protocols for web content (HTTP and HTTPS) and file servers (server messaging block [SMB]), enabling it to work with a wide variety of application types. Finally, it works seamlessly with network security technologies, including Secure Sockets Layer (SSL), SMB signing, and Internet Protocol security (IPsec) to improve application performance even if the content is encrypted.

Help users find what they need with Federated Search
  • Search enhancements in Windows 7 make finding information easier. Enterprise users need to access data from a variety of sources in their daily tasks. With Windows Vista, Microsoft introduced advanced desktop search technology, enabling users to instantly find information on their computers. With Microsoft Office SharePoint Server 2007 and the Enterprise Search family of products, Microsoft delivered highly secure, manageable, server-based search. Windows 7 brings these experiences together and provides users with an improved and seamless search experience across local and networked corporate data directly within Windows Explorer and the Start menu.

  • More intuitive ways to find and organize information. Advancements to the Windows 7 user interface (UI) make it easier for users to quickly find what they are looking for. Libraries are a new way of accessing documents that might be located in different folders, on different hard drives, or even on different computers that are backed by a Windows Search index—in a single view. Windows 7 creates several default libraries for items such as documents and pictures, allowing you to organize and browse files in an optimal way. You can also create custom libraries. For example, libraries can be created per project to provide one entry point under which you can organize, access, and search files spread across multiple locations.

  • Searching beyond the local computer with federated search. Windows 7 enables users to search remote document repositories, SharePoint sites, and Web applications as easily as they search their desktops—through the familiar Windows interface. Windows 7 federated search uses an existing public standard called OpenSearch. Users can select which sites they want to search from, or IT can populate a list for the user. Federated search results are presented in Windows Explorer much like local files, with rich views, file details, and previews.

  • Flexible search scopes. Making it easy to discover and search intranet sites can help organizations maximize their return on these investments. With Enterprise Search Scopes in Windows 7, IT administrators can populate links on the Start menu and in the Windows Explorer search results. These links simplify access to the most appropriate, complete, authoritative data sources on the network. This setup makes content on intranet portals more discoverable and accessible. IT administrators can deploy Enterprise Search scopes on users' machines using Group Policy.

Help prevent loss or theft of data with BitLocker and BitLocker To Go
  • Protect your data—even on removable drives. With the continued growth of the mobile workforce, protecting sensitive data on mobile computers continues to be a major concern of IT decision makers. In 2008, 42 percent of respondents to the Computer Security Institute Computer Crime and Security Survey of enterprise IT professionals report that their organizations experienced theft of laptops or mobile devices. With Windows 7, BitLocker Drive Encryption helps protect sensitive data from being accessed by unauthorized users who come into possession of lost, stolen, or improperly decommissioned computers. BitLocker to Go extends BitLocker data protection to USB storage devices, enabling them to be restricted with a passphrase. In addition to having control over passphrase length and complexity, IT administrators can set a policy that requires users to apply BitLocker protection to removable drives before being able to write to them.

  • Easier to manage. Windows 7 gives administrators more control over how data in their environment is protected. From policy-configured Active Directory Domain Services integration for the escrow of recovery keys, to simple and efficient hardware recovery processes, BitLocker provides an integrated management experience for IT professionals. BitLocker to Go also gives administrators control over how removable storage devices can be utilized within their environment and the strength of protection that they require. Administrators can require data protection for any removable storage device upon which users want to write data, while still allowing unprotected storage devices to be utilized in a read-only mode. Policies are also available to require appropriate passwords, smart card, or domain user credentials to utilize a protected removable storage device.

  • Easier to set up. Whether you need to protect internal or removable drives, BitLocker in Windows 7 makes that protection easy because it works with almost any drive. Windows 7 simplifies the encryption of internal drives by automatically creating the hidden boot partition necessary to use BitLocker to protect the OS volume, eliminating the need to manually select that option during installation or to repartition the drive afterward. Best of all, BitLocker can be enabled on drives running Windows 7 with a simple right-click.

Help prevent unauthorized software from running with AppLocker
  • Powerful, yet easy to administer. Windows 7 offers new application control policies with AppLocker, a flexible, easy-to-use mechanism that enables IT professionals to specify exactly what is allowed to run on user desktops. AppLocker restricts unauthorized software while allowing applications, installation programs, and scripts that users need. With this capability, IT professionals can realize the security, operational, and compliance benefits of application standardization.

  • Application updates don't change the rules. AppLocker provides simple, powerful, rule-based structures for specifying which applications can run that are centrally managed using Group Policy. It introduces "publisher rules" that are based on an application's digital signature, making it possible to build strong rules that account for application updates. For example, an organization can create a rule to "allow all versions greater than 1.0 of Microsoft Dynamics CRM to run if signed by Microsoft." With correctly structured rules, IT professionals can safely deploy updates to allowed applications without having to build a new rule for each version update.

Download the Technical Overview of DirectAccess in Windows 7 and Windows Server 2008 R2 for a more in-depth technical look.

 

Friday, January 22, 2010

How to configure Outlook 2007 Autodiscover locally

If you have two organizations that use split DNS to share the same SMTP domain, xyz.com, you can configure the autodiscover DNS SRV record for only one Exchange 2007 organization. For the users in the other Exchange 2007 organization who run Outlook 2007 SP2 or later, you might want to "disable" the autodiscover feature on the Outlook 2007 client. However, the autodiscover feature cannot be disabled in the Outlook 2007 client. When you configure a new Outlook profile, you can only select "Manually configure server settings or additional server types" to set up the profile without autodiscover. After that, Outlook 2007 still uses the autodiscover feature for downloading the OAB, querying Free/Busy information, and so on. The workaround is either to configure one autodiscover DNS SRV record for one Exchange organization, or to configure autodiscover locally. For more information, refer to the following article: Automatically configure Office Outlook 2007 user accounts http://technet.microsoft.com/en-us/library/cc511507.aspx

Tuesday, January 12, 2010

Exchange 2007 Out of Office sent to Internet recipients with empty return path (Null Sender) e.g. "<>".

This behavior occurs because OOF messages created in Exchange Server 2007 are sent to Internet recipients with an empty return path (null sender), e.g. "<>". Some third-party spam/AV products and smart hosts do not accept messages with an empty return path.

 

This behavior has changed since Exchange 2003, which sends OOF messages as the OOF mailbox. Exchange 2007 changed the OOF behavior because sending OOF messages with no return path prevents the messages from bouncing. As per RFC 2298, Message Disposition Notification (MDN) messages should be sent with a blank sender. The OOF reply messages are an MDN.

 

To work around this issue in this scenario, you can create an Outlook rule that auto-replies to messages instead of using OOF messages, or configure the third-party spam/AV product or smart host to accept messages with an empty return path.

 

Note: The Exchange 2007 Edge server will not reject the OOF message, because the Edge server is incorporated into the Exchange organization. The Hub server transfers the OOF messages under the address of the OOF mailbox to the Edge server, and the Edge server then sends the messages to the Internet with an empty return path, e.g. blank sender, MAIL FROM: <> "null".
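
The null-sender behavior described in this post, as an added Python example (not from the original post and not Exchange code): it parses the SMTP MAIL FROM command, puts a gateway policy that refuses "<>" next to one that accepts it, and models why a null return path produces no bounce. The function names, reply texts and addresses are constructed for illustration.

```python
import re
from typing import Optional

# "MAIL FROM:<reverse-path>" with optional ESMTP parameters after the path.
MAIL_FROM_RE = re.compile(r"^MAIL FROM:\s*<([^<>\s]*)>(?:\s+.*)?$", re.IGNORECASE)


def reverse_path(command: str) -> Optional[str]:
    """Return the reverse-path of a MAIL FROM command; "" is the null sender <>."""
    match = MAIL_FROM_RE.match(command.strip())
    return match.group(1) if match else None


def gateway_reply(command: str, accept_null_sender: bool) -> str:
    """Reply of a hypothetical filtering gateway to MAIL FROM under a given policy."""
    path = reverse_path(command)
    if path is None:
        return "501 syntax error"
    if path == "" and not accept_null_sender:
        return "550 null sender refused"  # this policy drops Exchange 2007 OOF replies
    return "250 OK"


def bounce_target(mail_from: str, recipient_exists: bool) -> Optional[str]:
    """Address that receives the non-delivery report, or None when none is sent."""
    if recipient_exists or mail_from == "":
        return None  # delivered, or null reverse-path: nothing is sent back
    return mail_from  # the report goes to the reverse-path


def run_session(commands, accept_null_sender: bool) -> dict:
    """Map each MAIL FROM command of a session to the gateway's reply."""
    return {c: gateway_reply(c, accept_null_sender) for c in commands}


# Constructed sample input: three MAIL FROM commands seen by the gateway.
SESSION = [
    "MAIL FROM:<alice@xyz.example> SIZE=2048",  # ordinary message
    "MAIL FROM:<>",                             # OOF reply as sent by Exchange 2007
    "MAIL FROM: oof-mailbox",                   # malformed, no angle brackets
]

if __name__ == "__main__":
    for policy in (False, True):
        print("accept_null_sender =", policy)
        for cmd, reply in run_session(SESSION, policy).items():
            print(f"  {cmd!r:45} -> {reply}")
    # OOF sent as the mailbox (Exchange 2003 style) versus with a null sender.
    print(bounce_target("oof-mailbox@xyz.example", recipient_exists=False))
    print(bounce_target("", recipient_exists=False))
```

With accept_null_sender set to False, only the OOF reply among the well-formed commands is refused, which is the symptom the post describes.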

Thursday, January 7, 2010

Grant PF access permission to a shared mailbox on Exchange 2007 server

If you try to grant public folder access permission to a shared mailbox, you get the following message and fail to add the user to the PF access list on the Permissions tab:

One or more users cannot be added to the folder access list. Non-local users cannot be given rights on this server


To work around this issue, we have to use an Exchange 2007 Management Shell cmdlet to set the mailbox to a user mailbox. Here is the cmdlet I used; I tested it and it works.

 

Set-Mailbox mailbox_name -Type Regular

 

Where: mailbox_name can be the mailbox alias or the associated account ID, for example, Your_Netbios_domain_name\user_ID

 

Note: a shared mailbox could be a resource mailbox or a manager's mailbox shared with other users.