Office Professional Plus 2013 Preview includes Business Intelligence

Monday, July 23, 2012
Today Microsoft announced the availability of the Office Professional Plus 2013 Preview.  This release enables business users to do self-service Business Intelligence directly in Excel and enables IT organizations to support their users through scalability, governance and compliance provided by SQL Server and SharePoint.

This public preview also includes preview downloads for SharePoint 2013 and SQL 2012 CTP3.


Excel 2013 Preview enables self-service BI as a natural part of user’s day-to-day activities with PowerPivot for data mash ups, Power View for stunning interactive data visualization and Data Models powered by xVelocity in-Memory technologies for extreme analytical performance and scale on hundreds of millions of rows of data all directly in Excel. SharePoint Server 2013 Preview significantly improves governance and compliance over the self-service BI assets with SQL Server 2012 SP1 CTP3 required for server side compatibility.

New for BI in Excel 2013, SharePoint 2013 and SQL Server 2012 SP1

Empower all users to gain breakthrough insights as a natural part of their day-to-day activities using PowerPivot and Power View, now in Excel 

·         Analyze data ranging from a few rows to hundreds of millions of rows with extreme analytical performance on your desktop using Excel data models powered by xVelocity in-memory analytics engine

·         Speed up analysis in Excel by using Quick Analysis to preview and apply conditional formatting, suggest and create charts, PivotTables, and tables; by using Quick Explore to easily navigate multidimensional and tabular data models and create Trend charts to analyze information over time

·         Quickly clean and shape up data in Excel via intelligent pattern recognition and smart auto-complete with Flash Fill.

·         Empower users of all levels to access, mash-up and analyze data from virtually any source and rapidly create compelling analytical applications with PowerPivot, now in Excel.

·         Provide stunning data visualization to discover new insights with a highly interactive and familiar data exploration, visualization, and presentation experience for users of all levels with Power View, now in Excel

·         Easily share and collaborate on self-service BI solutions within your organization with SharePoint Server

User created, IT managed - Enable enterprise grade IT governance for your BI solutions via SQL Server and SharePoint

·        Improve governance and compliance and easily track your business critical Excel assets by enabling
·        Discovery and assessment of user-created spreadsheets with SharePoint 2013.
·        Comparing spreadsheets, tracking lineage, conducting interactive diagnostics and creating spreadsheet analysis reports with Inquire in Excel

Download Links:
Read more ...

Change Lync Join Announcements to Tone Only

Wednesday, July 18, 2012
By default Lync Server 2010 announces when users join or leave a dial-in meeting by name.  For example, "Pilar Ackerman has joined the conference."  Kind of cool, but it can get annoying when attendees join or leave in the middle of the meeting.

You can configure Lync Server to instead play a simple tone instead or turn entry/exit announcements off altogether.

To set the new default entry/exit announcements to a tone, run the following cmdlet from your Lync back end server:

Set-CSDialInConferencingConfiguration -EntryExitAnnouncementsType ToneOnly -EntryExitAnnouncementsEnabledByDefault $true
Note: You must be a member of the RTCUniversalServerAdmins group or have the appropriate RBAC rights to run this command.

To disable entry/exit announcements altogether, run the following cmdlet:

Set-CSDialInConferencingConfiguration -EntryExitAnnouncementsEnabledByDefault $false

Read more ...

How to Enable Notifications for Pending Certificate Requests

Thursday, July 12, 2012
You can configure a Windows Certification Authority certificate template to require CA certificate manager approval, as shown below. 

With this configuration autoenrollment is disabled and the CA Manager must approve the certificate request before the certificate is issued.

Normally, CA managers need to check in periodically to see if there are any pending requests to approve or decline.  This article discusses how to enable email notifications when a certificate request is generated that requires approval.

First, my best practice is to create a mail-enabled security group in Active Directory called CA Managers.  Add the appropriate user objects to this group and assign that group Issue and Manage Certificates and Manage CA rights on the Certification Authority, as shown below:

Now we need to configure event logging for Certificate Services for verbose logging.  Run the following command from a CMD prompt on the CA:
certutil -setreg ca\loglevel 4
You must restart the Active Directory Certificate Services service (CertSvc) to affect the logging level change.  The CA will now log event ID 54 from source CertificationAuthority in the Application event log whenever a certificate request is generated.  For example,

Log Name:      Application
Source:        Microsoft-Windows-CertificationAuthority
Date:          7/12/2012 8:16:29 AM
Event ID:      54
Task Category: None
Level:         Information
Keywords:      Classic
User:          SYSTEM
Active Directory Certificate Services left request 51 pending in the queue for C=US, S=CA, L=Pacifica, O=Expta, OU=IT, CN=Admin,  Additional information: Taken Under Submission

All we need to do now is create an Event trigger on this event.  The easiest way to do that is to create a certificate request so we can attach a task to the event it logs.  Once you create the certificate request, find the event ID 54 in the Application event log on the CA.  Right-click the event and select Attach Task To This Event.

This will open the Create Basic Task Wizard which we will use to configure the email notification.  Give the task a name and description, as shown below, and click Next:

The specific event details are prepopulated from the event we selected.  Click Next:

Select Send an e-mail from the Actions list and click Next:

Complete the details for the email, as shown below.  Enter the valid SMTP address for the CA Managers group (created above) in the To: field.  I include the URL to the CA approval page in the message text for easy access by the CA Managers.  Ensure that your CA server is allowed to send SMTP email to the SMTP server you designate in the wizard.  I use Telnet to test that.

Review the summary.  Select the check box to Open the Properties dialog for this task when I click Finish and then click Finish.

By default this task will only run when the user who created it is logged on.  Change the task to run under the NT Authority\SYSTEM account by clicking the Change User or Group button and entering the local SYSTEM account.  This will also configure the task to run whether the user is logged on or not.  Now click OK to complete the task.

You can view, change or delete this task in the Event Viewer Tasks in the Task Scheduler Library.

Test the new configuration by generating another certificate request.  All members of the CA Managers group should receive an email indicating that a new certificate request is pending, along with a link to the CA's web approval page, as shown below:


Read more ...

How to Enable Logging for RPC Client Access Throttling in Exchange 2010

Thursday, July 12, 2012
Throttling is a resource protection feature introduced with Exchange 2010.  It is designed to prevent a single user or groups of users from consuming all the Exchange resources and causing a denial of service (DoS) attack.

Users will see various warnings and errors in Outlook when RPC throttling occurs.  Two of the most common warnings and errors in Outlook are shown below:

Unable to open your default e-mail folders. The Microsoft Exchange Server computer is not available. Either there are network problems or the Microsoft Exchange Server computer is down for maintenance.

Unable to expand the folder. The set of folders could not be opened.

By default RPC throttling is not logged anywhere, which makes it very difficult to troubleshoot.  Without logging you normally need to load up all the Perfmon counters and watching them increment.  This does nothing to tell you who is being throttled, though.

You can enable logging for RPC throttling by configuring the Microsoft.Exchange.RpcClientAccess.Service.exe.config file.  This file is located in the \Program Files\Microsoft\Exchange Server\V14\Bin folder on the Client Access Servers.

Open the config file in Notepad and edit the LoggingTag tag key to add the Throttling value as follows:

<add key="LoggingTag" value="ConnectDisconnect, Logon, Failures, ApplicationData, Warnings, Throttling" />

Save the Microsoft.Exchange.RpcClientAccess.Service.exe.config file and restart the Microsoft Exchange RPC Client Access service on the CAS.  This needs to be done on all CAS servers.

Meaningful RPC throttling events are then logged in the \Program Files\Microsoft\Exchange Server\V14\Logging\RPC Client Access folder.  Open the latest log file to search for RPC throttling events.  They usually include the term "exceeded":
2012-06-26T17:32:23.301Z,19,0,/o=theguillets/ou=Exchange Administrative Group (FYDIBOHF23SPDLT)/cn=Recipients/cn=Jeff Guillet,,OUTLOOK.EXE,14.0.6117.5001,Cached,,,ncacn_http,,Connect,2614 (rpc::MaxConnectionsExceeded),00:00:00,"SID=S-1-5-21-117020884-2285600563-2343042490-1113, Flags=None; Connection Limit Exceeded",RpcDispatch:

You can adjust throttling using client throttling policies.  Throttling policies are groups of settings that are used to control how much resources that a user or connection can use in an Exchange organization. Throttling polices can only be used against users that are using Exchange 2010 servers. They do not apply to previous versions of Exchange.  See the TechNet article Understanding Client Throttling Policies ( for more information.
Read more ...

Improvements to the Exchange Remote Connectivity Analyzer

Tuesday, July 3, 2012

The Exchange Remote Connectivity Analyzer (ExRCA) has to be one of the best troubleshooting tools that the Exchange product team has ever produced.  It's a one-stop shop that allows you to test remote connectivity to an Exchange organization using Autodiscover, ActiveSync, Outlook Anywhere, Web Services, or inbound/outbound SMTP from a Microsoft hosted cloud application on the Internet.  It works with both on-prem and Office 365 Exchange organizations.

Shawn McGrath is the developer in charge of ExRCA development and previewed recent improvements to us at the MVP Summit in February 2012.  I'm pleased to say that ExRCA version 1.4 has now been released!  The biggest changes are around the CAPTCHA experience, which I've been a vocal about for the past year.  Constructive Feedback = Good.  J

Here’s a list of the changes in this release:
  • We are using a new CAPTCHA service provided by an internal team.
  • The challenge is NOT case sensitive, so it doesn't matter if you type upper or lower case letters.  We also note this on the web page.
  • The CAPTCHA challenges will not include hard to distinguish letters/numbers.  For example 2 and Z or O and 0.
  • If you get the challenge wrong, the password entries will not be removed.
  • Once you enter a correct response to the challenge, you will be verified for a set amount of time (~30 minutes).  This means you will not see additional CAPTCHA challenges until the timeout period expires.
  • The inbound SMTP test now inserts the IP address of the user performing the test into the test email message. The IP is also inserted into an SMTP Header (X-Originating-IP).
  • Fixed an issue in the Sender-ID test where certain DNS responses while evaluating the "exists" mechanism were incorrectly being treated as a TempError
  • The outbound SMTP Sender-ID tests now conform to the RFC specified limit of ten DNS-based mechanisms that can be used during the evaluation of the SPF record.
  • Fixed an issue where host names with all numbers in the top-level domain were not considered valid input
  • Fixed user interface issues that can cause the "helper bubble" to stick around when navigating in the wizard
  • Added a note to the EWS service account access test indicating that the mailbox must be empty
  • Changed the Windows Mobile Certificate test to warn instead of fail when certificates aren't trusted by Windows Mobile since many other devices also use ActiveSync and may trust the certificate
  • Changed the Outlook Anywhere mutual authentication test to report a warning instead of an error when the mutual authentication (msstd: string) only matches a Subject Alternative Name on the certificate. Windows Vista SP1 and later can handle this configuration.
  • The Outlook Anywhere Proxy Ping and HTTP Authentication Method Tests now use the full query string; this is necessary to support certain UAG configurations.
  • Added additional error mappings for known issues
Shawn also created this fun video to demonstrate the new CAPTCHA experience.

Read more ...