I'll be speaking at IT/Dev Connections!

Friday, October 20, 2017

I'll be presenting at IT/Dev Connections next week in San Francisco. It'll be nice to have a conference near my home town in the Bay Area.

My session is Take Control Authentication in Office 365.
Microsoft offers several ways for users and admins to authenticate easily and securely to Office 365. In this session you will learn about new advances in claims based and pass through authentication, multi-factor auth, and the controls available for each. With that knowledge, you'll be able to decide which authentication method works best for your organization. We'll also discuss architectures for high availability and disaster recovery. Live demos will bring it all together.
I'm excited to do this presentation, as I've been doing more Identity work than Exchange lately. I hope you can attend this session and others at IT/Dev Connections. Connections is a boutique IT conference with lots of face time and conversations with MVPs and other experts in their fields. I hope you can join me there!

Other MVP experts include Tony Redmond, Chris Goosen, Jaap Wesselius, J. Peter Bruzzese, and others.


Azure AD Connect 1.1.647.0 released

Friday, October 20, 2017
Microsoft has released Azure Active Directory Connect build 1.1.647.0. This version includes a number of setup bug fixes around password synchronization and Seamless Single Sign-on. It also fixes an issue with the AD Connector account permissions related to Public Folder sync and help screen rendering on Windows Server 2016.

New features include added logic to simplify the steps required to set up Azure AD Connect with Microsoft Germany Cloud, improved domain-specific information on the Troubleshooting page, and improved permissions checking for password hash sync. The build also fixes an issue related to the use of msDS-ConsistencyGuid as the Source Anchor feature for AD FS customers.

In my own testing I found that the setup experience was less than ideal if you currently use or have switched from AD FS. I recently switched from AD FS to using password hash sync. When I manually upgrade from build 1.1.614.0, setup prompts me to close the AzureADConnect processes (in my case, there are four of them).

Even though I select to "Close the applications and attempt to restart them", setup is unable to stop them and prompts to restart the computer after installation, but before it runs the AAD Connect upgrade wizard.

I chose "No" to restart later and continued with the upgrade wizard. Something else new is that during the upgrade it asks for my tenant admin credentials. I've reached out to the AAD Connect team about both of these issues, as I think they will both prevent the auto-upgrade process from running properly. They are able to repro the issue when using AD FS or having switched from it.
UPDATE: The AAD Connect team found the root cause for the leaked threads and will fix it in a future update. So for now, you can either choose to close the applications or not and continue the upgrade. Personally, I recommend restarting the AAD Connect server after installation, but I didn't see any problems with AADC after installation. They also say that the prompt for tenant admin creds is an added layer of defense in case somebody unauthorized tries to upgrade the server. In the case of auto-upgrade, we assume we already have the permission from the admin to upgrade whenever a new build is required.
Read the AAD Connect release notes here.

Download Azure AD Connect 1.1.647.0 here.

Important notice for Azure AD Connect customers running on SQL Server

Friday, October 6, 2017
Microsoft updated the AAD Connect release notes with an important warning for customers who use a full SQL Server deployment for Azure AD Connect.
Starting with build 1.1.484, Azure AD Connect introduced a regression bug which requires sysadmin permissions to upgrade the SQL database. This bug is still present in the latest build 1.1.614. If you are upgrading to this build, you will need sysadmin permissions. Dbo permissions are not sufficient. If you attempt to upgrade Azure AD Connect without having sysadmin permissions, the upgrade will fail and Azure AD Connect will no longer function correctly afterwards. Microsoft is aware of this and is working to correct this.
This does not affect customers running localDB instances of SQL. The current version of AAD Connect is 1.1.614.0.

Customers running SQL Server back ends are currently excluded from automatic upgrades, so it always requires a manual upgrade to a newer version of AAD Connect. That means (for now) you don't need to be worried about an auto-upgrade automatically breaking AAD Connect functionality.


Public service announcement for iOS 11 and Exchange/Windows 2016

Monday, September 18, 2017

Apple is scheduled to release iOS 11 on September 19th for iPhones and iPads. And there was much rejoicing.

But not so fast...

First up, iOS 11 introduces an Exchange ActiveSync error when connecting to an Exchange 2016 running on Windows 2016. iOS 11 improperly negotiates HTTP/2 TLS connections for EAS. See Michael B. Smith's article on this issue and another issue about Intune for more details.

The workaround is to temporarily(!) disable HTTP/2 TLS for Windows 2016 with the following registry keys and then reboot the server:

  • EnableHTTP2Tls = 0 (REG_DWORD)
  • EnableHttp2Cleartext = 0 (REG_DWORD)
Note: This problem only affects Exchange 2016 running on Windows 2016, since HTTP/2 TLS is the default protocol on this OS. Apple has acknowledged the issue with iOS 11 and is working on a fix. There is no estimate of when this will be fixed but it is expected as an iOS 11 update.


UPDATE: The HEIC file format issue described below may be a non-event. Apple says that iOS will transcode HEIF images and videos to compatible JPEG versions if the receiver cannot indicate it can handle these file types. Transcoding requires a fair amount of compute cycles, which is why HEIF formats are the default on A9+ processor devices. Thanks to @invalidcanary for the heads up.

You should also be aware that the default picture format for iPhone 7/8/X is changing to a new high efficiency image file format (HEIF), called HEIC. With iOS 11, Apple added an option to compress photos and videos with a new, more efficient encoding called HEVC. By default, iOS devices with A9 and newer processors (Apple 7/8/X, iPad Pro and 2017+) will capture images and video using HEVC compression.

The new photo and video formats result in files about 1/2 the size of the old JPEG and video formats, while having better quality. The problem is that new files will likely not open properly outside of your iPhone or iPad until everything that you use to work with photos updates to work with the new HEIF formats.

To check if your iOS 11 device uses the new format, go to Settings > Camera > Formats. "High Efficiency" is the new format and "Most Compatible" is the old / current format. I do not suggest just turning this off. Hey, getting files half the size is super cool. Just realize that if you use the photos outside of your phone, there might be temporary issues with viewing.

The file extension used for photos with the new format is ".heic" instead of ".jpg", and videos will use ".hevc" instead of ".mov". Windows and OneDrive do not support the new formats yet. Expect to see that support in future updates. Dropbox does support the new formats and is able to do previews of both.

If you need to convert an HEIC photo, Beamr Imaging offers a free website to convert HEIC photos to JPEGs.

When this sample 1.3MB HEIC photo is converted to JPEG format it becomes 2.3MB.

Special thanks to Nino Bilic at Microsoft (a real gem of a guy) for the heads-up on this and allowing me to share it with you.


Announcing the 10th Annual UC Roundtable at Microsoft Ignite!

Monday, September 18, 2017

I'm pleased to announce the 10th Annual UC Roundtable at Microsoft Ignite 2017 in Orlando!

A one-of-a-kind conference deserves a one-of-a-kind opportunity to network with your peers.

The purpose of the UC Roundtable is to gather Exchange, Office 365, and Skype for Business admins, MCMs, MVPs, Exchange product group members, architects, and experts for a free-flowing discussion about issues, questions, and experiences related to Exchange, Office 365, and Skype for Business. If you work with these technologies you need to be here!

Wednesday, September 27th from 6:00PM to 7:30PM EDT

The UC Roundtable is going old school this year! This will be a no-host event. Order your own beer or a bite to eat before you leave for the evening's parties. Please RSVP to jguillet@expta.com so I can tell them how many people to expect.

We'll be meeting in the outdoor area of Marlow's Tavern at 9101 International Dr, Lower Level -- just a short 10 minute walk from the Ignite convention center.

Help spread the word on Twitter and I hope to see you there!


Meet with EXPTA Consulting at Microsoft Ignite

Monday, September 18, 2017
It's less than one week to Microsoft Ignite in Orlando, FL. I hope you’re as excited as I am to attend and hear about all the new hotness that Microsoft plans to deliver. I’ll be speaking Wednesday 12:30-1:45PM at "The Epic Exchange Preferred Architecture Debate" with a panel of experts. I hope to see you there! I’ll also be available throughout the conference for meetings to discuss how I can help you with your current and future IT projects.

EXPTA Consulting can assist your organization with:

  • On-Prem Solutions – Including Exchange and Active Directory health checks, mitigation, and upgrades. We recognize that not all customers can or want to go to the cloud. Let me help you upgrade and make the most of your on-premises solutions, based on my many years of experience and best practices. I provide turnkey solutions or I can work with your IT staff and provide training and support.
  • Office 365 Solutions – Let EXPTA Consulting help you get the most from Office 365. We can help with data migrations, tenant to tenant migrations, EM+S, interoperability and integration solutions.
  • Identity Design and Solutions – Safe, secure, and easy to use Identity management solutions are the key to a successful deployment. I can help design and implement the best identity solutions to meet your organization’s needs. 

Recent EXPTA Consulting customers include an international college Office 365 migration, a large Federal agency identity project, a mid-sized business insurance brokerage Exchange 2016 upgrade, private equity firms, and consulting/hosting providers. Set up a meeting to see how we can help you!

Proud to announce I'll be speaking at Microsoft Ignite!

Friday, September 1, 2017
Come join Ross Smith IV, Lin Chen, Mike Cooper and me at Microsoft Ignite in Orlando for, "The epic Exchange preferred architecture debate" on Wednesday at 12:30pm EDT.

Here, we plan to talk about what is the best, DAS or SAN? Are SSDs on the way in or are slow spindles here to stay? Should you give up and migrate to the cloud? What about virtualization?

Come listen to experts from inside and outside of Microsoft debate the various Exchange architectures that can be deployed on-premises and hybrid.

This is an open panel discussion where you can ask questions and learn about architectures and topologies that defy the preferred architecture, such as some of those listed in the Exchange Solution Reviewed Program (ESRP). We'll discuss the ESRP and its role in Exchange architecture design.

I'll also be a panelist at the session, "Microsoft Exchange: Through the eyes of MVPs" on Thursday at 4:00pm EDT.

Microsoft says,
"We've assembled an amazing set of Exchange MVP luminaries, representing scores of years of experience, to share their unvarnished truth about all things Exchange. You won't want to miss your chance to ask questions and hear this panel's expert opinions. Hiring this set of experts for 75 minutes would cost you a fortune, but by attending this session, you'll only pay the small fee of having to listen to them occasionally poke fun at Microsoft - and each other."
I hope to see you there!
