Sunday, January 22, 2012

Add Driver Packages to Boot Image Wizard Not Responding

Hi had an issue today with a WDS Server on Windows Server 2008 R2 SP1. Whenever I went to add a driver package to a boot image the "Add Driver Packages to Boot Image Wizard" would freeze when trying to mount the image and come up with not responding.

When running the wizard again the following error would be received:

Error Occurred while trying to execute this command.
Error Code: 0xc1420127


In which I needed to browse to "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WIMMount\Mounted Images" and delete any keys below this to run the wizard again.

To resolve the problem I ran the following command to Uninitialize the server.

wdsutil /Uninitialize-Server



Opening the WDS Console allowed me to run the configuration wizard again. After running the configuration wizard and re-configuring the server I then ran the "Add Driver Packages to Boot Image Wizard" which completed successfully.

Thursday, January 19, 2012

Outlook 2007 Connection Issues over Outlook Anywhere

I have seen a problem with Outlook 2007 numerous times where Outlook 2007 cannot connect to Exchange when setting up a new profile. This problem is client related, not server related. For example if the same user experiencing the issue tries to connect to Exchange remotely via Outlook Anywhere from a different PC using the same version of Outlook, it works fine.

The issue only occurs when creating a new Outlook Profile remotely via Outlook Anywhere (RPC over HTTPS). If the profile is already created and the user has used the profile in the past inside the network over direct MAPI you are reading the wrong blog post.

I am still unaware what causes this problem however I do have two working resolution. If I find the root cause in the future, I am sure to come back and update this post for everyone :)

Symptoms

A user tries to create a new Outlook Profile remotely through Outlook Anywhere but experiences the following error:

The connection to Microsoft Exchange is unavailable. Outlook must be online or connected to complete this action.



Note: This error is very generic and can also be caused when there is server side problems with Outlook Anywhere in which all users are effected. Only read this post if you are receiving this error only for an external user trying to create their outlook profile over Outlook Anywhere.

Resolution 1

If the user connects to the internal network either by bringing their PC/Laptop into the office or initiating a VPN connection the Outlook client connects to exchange using direct RPC MAPI and sets up the Outlook Profile as normal. If the user then brings the PC/Laptop outside the network either by disconnecting the VPN or moving the PC to another external network and connects using Outlook Anywhere (RPC over HTTP), Outlook Anywhere now works fine. The profile was created inside the network hence the issue of creating the profile over Outlook Anywhere never occured.

Resolution 2

In the event you have a user in a remote site, perhaps another country and you have no VPN connectivity setup the task of creating the Outlook Profile on the internal network using RPC MAPI calls is made difficult. However I have a work around here...

What I did was create the users profile on another PC running Outlook 2007. I used a virtual machine with Outlook 2007 installed and created the users profile using Outlook Anywhere as I did not have access to the internal network. When the profile is created and working correctly, export the following registry key to a .reg file.

HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem



Next go to the PC experiencing the Outlook 2007 issue and import the .reg file you have created by double clicking the file. This will import the Outlook Profile created on the remote workstation. As Outlook is no longer trying to create the Outlook profile over Outlook Anywhere, it will simply load the profile as normal allowing the user to work remotely over Outlook Anywhere.

Don't worry about Operating Systems - Performing this registry import/export from another PC with different operating system is fine. I exported my registry content from a Windows XP PC with Outlook 2007 installed and imported it on a Windows 7 PC with Outlook 2007 installed.

Additional Information

I have troubleshooted this issue numerous times and have looked at many things such as debug logging with Outlook, launching Outlook in safe mode etc, nothing provides detailed information useful to diagnosing the root cause.

This issue is not related to the Windows user profile or User Account. For example if the user recreates his profile or another user account on the PC experiencing the issue, the problem reoccurs. We can immediately rule out the users local user hive, it is definitely with the Outlook installation on the PC... so we should be looking at areas such as the local machine registry (HKLM) and the Outlook installation, are all the files correct?

Reinstalling Office 2007 on a PC experiencing the issue does not resolve the problem. This means it is either a setting in Windows or a desktop application which triggers this issue. I have seen this issue in different companies, so if it is another application causing problems, it is not a custom line of business application. It may be a common application that multiple company's use.

I have seen this issue occur on all versions of Outlook 2007 ranging from Outlook 2007 RTM, SP1 and SP2. Upgrading Outlook 2007 to the latest service pack will not resolve this issue.

I have not seen this issue on Outlook 2003 or Outlook 2010 however this is not to say the issue does not occur on these versions. I have just never seen this on these particular versions of Outlook in my professional experience.

Last thing I would like to note is, third party non-Microsoft firewall software installed on a Laptop or PC can cause this issue. If you open up Windows Firewall and Windows Firewall displays the notice something similar to "this PC is being managed by a third party vendor firewall", try uninstalling the third party firewall software as this may resolve the issue.

Monday, January 9, 2012

Assign user rights to modify distribution group membership

A colleague of mine here at 4Logic today needed to perform a simple task in an Exchange 2010 environment today to allow designated users to administer distribution groups in Exchange 2010. Most Microsoft documentation suggesting adding the RBAC Administration role “Distribution Groups” to the user. This created security implementations as any user which was a member of this group, could manage all distribution groups within the organisation.

My colleague eventually worked this out by discovering RBAC user role of "MyDisturbtionGroups" allows users to manage distribution groups that they are an owner of (via Outlook and Exchange Control Panel).

Note: The group owner is controlled by the "Managed By" property.

He enabled this role by using the following PowerShell command:

New-ManagementRoleAssignment -Role MyDistributionGroups -Policy "Default Role Assignment Policy"

The role group however also allows owners of a distribution group to delete the distribution group.

If you want to allow users to only modify group membership a custom RBAC management role is required. The following commands create a custom management role which only allows a user in the "Managed By" field of a group to modify a groups membership.

New-ManagementRole -Name UpdateAddressLists -Parent MyDistributionGroups

Remove-ManagementRoleEntry UpdateAddressLists\New-DistributionGroup -Confirm:$false

Remove-ManagementRoleEntry UpdateAddressLists\Remove-DistributionGroup -Confirm:$false

New-ManagementRoleAssignment -Role UpdateAddressLists -Policy "Default Role Assignment Policy"

Thursday, January 5, 2012

Command to find out how many items in each users Sent Items

Today I put together a quick command to explore how many items are in each users sent items which I would like to share with you. This command ignores any users mailbox who does not have any items in the sent items folder.

Get-Mailbox | Get-MailboxFolderStatistics -FolderScope SentItems | Where {$_.ItemsInFolder -gt 0} | Sort-Object -Property ItemsInFolder -Descending | select-object Identity,ItemsInFolder | export-csv c:\test.txt