28 set 2010

Exchange 2010: "Couldn't resolve the user or group "domain.local/Microsoft Exchange Security Groups/Discovery Management."

The Exchange 2010 SP1 installation failed at installing mailbox role with the error "Couldn't resolve the user or group "domain.local/Microsoft Exchange Security Groups/Discovery Management." If the user or group is a foreign forest principal, you must have either a two-way trust or an outgoing trust."
This issue could be caused by the Discovery Search Mailbox, Delete "DiscoverySearchMailbox" mailbox.and try to install again. You can recreate the Discovery Search Mailbox after installing Exchange 2010 SP1.Delete "DiscoverySearchMailbox" mailbox.and try to install again

Exchange 2010: Mailbox role installation failed or partially configured or setup failed while configuring it

The issue may occur due to the presence of the Action or Watermark registry values on this registry, the presence of the Action or Watermark registry values on this registry branch indicates that either there was a previously unsuccessful installation of the Mailbox server, or that the Mailbox server installation was in progress when the Exchange Server Analyzer was doing its analysis.

So to address the issue, we can first turn to the Exchange setup logs to clarify if installation completed successfully. We can locate the setup logs at c:\ExchangeSetupLogs.

If we verified that the installation of Mailbox server is successful, we can delete Watermark or Action keys in regedit "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\ExchangeServer\v14\MailboxRole" to resolve this issue.

27 set 2010

Exchange 2010: How to set the receive connector to accept only FQDN Helo from internet

If you want to set the receive connector to accept only FQDN Helo from internet.

Type the following command in Exchange Management Shell to force the remote server to provide a domain name in EHLO handshake:

Set-ReceiveConnector –Identity "Default Connector" –RequireEHLODomain $True

The RequireEHLODomain parameter specifies whether the remote computer must provide a domain name in the EHLO handshake after the SMTP connection is established. Valid values for this parameter are $true or $false. The default value is $false. When the RequireEHLODomain parameter is set to $true, the remote computer must provide a domain name in the EHLO handshake after the SMTP connection is established. If the remote computer doesn't provide the domain name, the SMTP connection is closed.

You can set also the following useful parameters (Thanks to ObiWan)

BareLineFeedRejectionEnabled true

ConnectionInactivityTimeout 1 or 2 minutes
MaxHeaderSize 32KB
MaxInboundConnectionPerSource 5
MaxLogonFailures 3
MaxProtocolErrors 3
MaxRecipientsPerMessage 30
MessageRateLimit 6
TarpitInterval 5

For further informatin about it, please refer to the article below:

# Set-ReceiveConnector


26 set 2010

How to Updates Outlook profiles after moving mailboxes across Exchange organizations or administrative groups.

After moving mailboxes across Exchange organizations or administrative groups  you have to manually update the Outlook 2003 profile when the user mailboxes are moved to a new Exchange 2007/2010 server.

If we have too many mailboxes to manage, we may use either of the following methods to automatically change Outlook 2003 users Outlook profiles.

1. Update the affected users' Outlook profile through the tool Exchange Profile Update tool (ExProfRe).

We can run the ExProfRe tool by using logon scripts or by using Group Policy. Or, you can run the ExProfRe tool at a command prompt to make the needed changes to an Outlook profile.

For detailed steps, refer to the following two articles

The Exchange Profile Update tool


ExProfRe Operation Guide


Note: The tool ExProfRe also works for Exchange 2007 users' Outlook profile

2. Another option is to update their profiles with a PRF file.

For Outlook 2003 affected clients, you can create a custom PRF file using the Custom Installation Wizard. This PRF file allows you to create a new profile or manage existing profiles. For more information on how to do this for Outlook 2003.

Customizing Outlook Profiles by Using PRF Files

Exchange 2010, DPM 2010: Backup take a long time after migration

If the migration caused a large buildup of transaction logs, this was expected and the server has plenty of space to accomodate them. What we were not expecting was the amount of time a backup would take. DPM 2010 has been running a replica creation for about 6 hours now, We are assuming this is because we have around 100,000 1MB log files which should be purged after the backup is complete.

We can solve this problem by turning off ESEUTIL on DPM2010 and running a backup.

This allowed the backup to complete as it was ESEUTIL causing timeouts (due to the massive number of transaction logs)

Once this initial backup was complete DPM purged the transaction logs, We then turned ESEUTIL back on and ran a normal backup.

How to convert distribution groups to security groups in Exchange Management Console (EMC) or Exchange Management Console (EMS)

We are unable to convert distribution groups to security groups via EMC or EMS.

The groupType attribute is the one which is controlling the security and distribution "Group type" for any group-object.

The values are:

a) For Distribution "Group type", the value is: 8

b) For Universal security group: -2147483640
    For global security group: -2147483646

So, If we can change the value of "Group type" via script, to convert distribution groups to security groups in bulk may be achieved.

In addition, I would like to know why you need to  convert distribution groups to security groups. Because of some Exchange attribute of the distribution groups may not change to the attribute which security groups have.

For example:

The msExchRecipientDisplayType  attribute  of  Universal Distribution Group is 1, the msExchRecipientDisplayType  attribute  of  Universal Security Group is  1073741833.
Even if you changed the Distribution Group to Security Group via ADUC, but the msExchRecipientDisplayType  attribute is still 1.

Therefore, in some scenario, Exchange server still recognize it as Security Group.

As this point, to recreate the groups as Security Group is recommended.

25 set 2010

How to install CentOS on Hyper-V R2 Server (with RDP Mouse support)

CentOS is an Enterprise-class Linux Distribution derived from sources freely provided to the public by a prominent North American Enterprise Linux vendor. CentOS conforms fully with the upstream vendors redistribution policy and aims to be 100% binary compatible. (CentOS mainly changes packages to remove upstream vendor branding and artwork.) CentOS is free.

We can download CentOS from Here

Recently Microsoft has added support for Red Hat Enterprise Linux. With this support it is possible to install the Linux Integration Components on CentOS.
First off, we have to set a new virtual machine for CentOS but we must be careful to add a "Legacy Network Adapter"


You remember to connect the our VM at External Virtual Netwok that it should be connected to internet.
Now we can install OS via the downloaded ISO but we have to use only tab-key for now (if you want to perform installation from Remote Desktop) or install it from anaconda (text) 

When the installation end, you must type CRTL + ALT + F2. Insert user (root) and password.

The next step: Install the Linux Integration Services Version 2.1

When installed on a virtual machine that is running a supported Linux operating system, Linux Integration Services for Hyper-V provides the following functionality:

  • Driver support for synthetic devices: Linux Integration Services supports the synthetic network controller and the synthetic storage controller that were developed specifically for Hyper-V.
  • Fastpath Boot Support for Hyper-V: Boot devices now take advantage of the block Virtualization Service Client (VSC) to provide enhanced performance.
  • Timesync: The clock inside the virtual machine will remain synchronized with the clock on the host.
  • Integrated Shutdown: Virtual machines running Linux can be shut down from either Hyper-V Manager or System Center Virtual Machine Manager, using the "Shut Down" command.
  • Symmetric Multi-Processing (SMP) Support: Supported Linux distributions can use up to 4 virtual processors (VP) per virtual machine.
Download Linux Integration Components v2.1 from Microsoft Download site and place the LinuxIC v21.iso file into your VM host server where you can mount the ISO as a CDROM.


1. You will need Development Tools installed to be able to compile the Integration Components. You could do that by running yum:
yum groupinstall "Development Tools"

2. As the root user, mount the CD in the virtual machine by issuing the following commands at a shell prompt:
mkdir /mnt/cdrom
mount /dev/cdrom /mnt/cdrom

3. Copy Linux Integration Services to the virtual machine

mkdir /opt/linux_ic_v21_rtm
cp –R /mnt/cdrom/* /opt/linux_ic_v21_rtm

NOTE: If you're using the x64 version of Centos, you have perform an extra step.
yum install adjtimex

4. As the root user, run the following command to compile and install the synthetic drivers

cd /opt/linux_ic_v21_rtm/
(if needfull) ./scripts/build
make install

Synthetic Mouse Support
When accessing the console of a Hyper-V host via Terminal Services or Remote Desktop there is no mouse support available for the consoles of non-paravirtualized ("unenlightened") guests, and accessing the host console directly results in a "captured" mouse experience for guest consoles that is difficult to use. This is true for both Windows and Linux guests, and Microsoft provides an enlightened mouse driver along with disk and network drivers for Windows guests.
Synthetic mouse support is not included in this download. However, synthetic mouse drivers for
use with Linux running on Hyper-V are available. For more information, see the Citrix Project
Satori Web site  at http://go.microsoft.com/fwlink/?LinkId=157779.

How to install mouse integration:

Step 1

Download iso image from xen.org
Mount iso image as the guests cdrom.

# mkdir /opt/inputvsc
Copy install files
# cp -R /media/cdrom/* /opt/inputvsc/

Step 2 – Install inputVSC Module

Change directory into install directory

# cd /opt/inputvsc
Execute Install Script
# ./setup.pl
Verify the error you receive is the expected error by viewing drvinstall.err (the error should occur when 'installing the udev inputvsc rules' - This means that the module will not be loaded automatically)
# cat drvinstall

Step3 – Reboot

Now we can use our CentOS on Hyper-V by Remote Desktop Smile


19 set 2010

Outlook clients get a certificate error when connecting to the new Exchange 2010 server

If you are migrating from Exchange 2003 to Exchange 2010 and you want to import the old certificate to the new server or you want to use an existing single name SSL certificate, the domain name on the certificate does not match the names on the server so Outlook clients get a certificate error when connecting to the new Exchange 2010 server.
Actually, Microsoft not recommend to import the certificate (which is exported from Exchange 2003 server) into Exchange 2010 server

The recommended steps should be the following:

1. Generate a certificate request from Exchange 2010.
2. Submit the request to  third-party CA to generate a new certificate.
3. Import the new certificate into Exchange 2010 server.
4. Enable it for Exchange services such as IIS

In this Scenario, the certificate is from Exchange 2003 server, so the domain name in the certificate only has one - the external FQND name. So, we need to follow the KB940726 to change all internal URL to the external url. So, please check if the Exchange 2010 external FQDN name is the same as the name in the Exchange 2003 certificate, if yes, you can try the KB940726. If not, you have to generate a new exchange certificate request. If you changed all internal url to external url, to recreate new DNS record (with external FQDN) in internal DNS server and point to the Exchange 2010 CAS server is best.

More info:
Create a New Exchange Certificate

18 set 2010

Internet Explorer 9: Redmond gets back in the game

After testing the new IE9 Beta 1 for a couple of days I think that Microsoft gets back in the game.

IMHO IE9 is a great work, so I suggest you to read this review:


You can download IE9 from:

Goobye Chrome, thank you...

Hyper-V R2: VM Backup fail with the event id 521

When you are doing a backup of VMs on role Hyper-V R2 server and event id 521 has been logged the troubleshooting is a little hard. First off, we say that the backup device is an External USB storage (HD).
The event accused:
Provider: Microsoft-Windows-Backup, EventID: 521, Channel: Application.
Now we begin with troubleshooting and here are the things that could cause this error:

1. Invalid disk signatures on the HOST and Guest
During Hyper-V backups, shadow copies of each of the VHD’s are attached to the Hyper-V server simultaneously. If any two VHD’s have the same disk signature, partition manager will “offline” the disk(s) that arrive with a conflicting (or duplicate) signature. This will cause the Hyper-V backups to fail.
- How to check for VHD signature conflicts: · Download Sector Inspector from the following location.
· The binary is portable. Once it's installed on one machine, copy it to:
. Each of the VM's
. The Hyper-V server
· Run "secinspect -nohex > Signatures_%computername%.txt" from an elevated command prompt on:
.Each of the VM's
.The Hyper-V server
. When looking at all of the Secinspect output files, no two disks should ever have the same disk signature value. If they do, this needs to be corrected.
- What to do if you have a signature conflict: . Shut down the affected VM’s.
. Run the Disk Management MMC.
. Manually attach the all VHD’s to the Hyper-V server via Disk Management MMC.
. If any VHD’s are attached in an “offline” state, a disk signature conflict was found. To fix the conflict, right click the disk and “online” the disk manually.
. Once all VHD disks are attached in an “online” state, detach them one at a time.
. Start the VM’s.
. Verify that VM backups work.

02 set 2010

Windows Phone 7 – Released To Manufacturing

"Today is the day that the Windows Phone team has been driving towards, and we’re very excited to say that we’ve reached the biggest milestone for our internal team – the release to manufacturing (RTM) of Windows Phone 7!  While the final integration of Windows Phone 7 with our partners’ hardware, software, and networks is underway, the work of our internal engineering team is largely complete. 
Windows Phone 7 is the most thoroughly tested mobile platform Microsoft has ever released.  We had nearly ten thousand devices running automated tests daily, over a half million hours of active self-hosting use, over three and a half million hours of stress test passes, and eight and a half million hours of fully automated test passes.  We’ve had thousands of independent software vendors and early adopters testing our software and giving us great feedback. We are ready."


Mobile market is very hard in this moment with Android and iOS. Windows Phone Team IMHO has worked well (although biblical times) and Metro GUI seems good.

Best wishes for your Windows Phone
I hope will be a hit!