Public service announcement for iOS 11 and Exchange/Windows 2016

Monday, September 18, 2017

Apple is scheduled to release iOS 11 on September 19th for iPhones and iPads. And there was much rejoicing.

But not so fast...

First up, iOS 11 introduces an Exchange ActiveSync error when connecting to an Exchange 2016 running on Windows 2016. iOS 11 improperly negotiates HTTP/2 TLS connections for EAS. See Michael B. Smith's article on this issue and another issue about Intune for more details.

The workaround is to temporarily(!) disable HTTP/2 TLS for Windows 2016 with the following registry keys and then reboot the server:

HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\HTTP\Parameters
  • EnableHTTP2Tls = 0 (REG_DWORD)
  • EnableHttp2Cleartext = 0 (REG_DWORD)
Note: This problem only affects Exchange 2016 running on Windows 2016, since HTTP/2 TLS is the default protocol on this OS. Apple has acknowledged the issue with iOS 11 and is working on a fix. There is no estimate of when this will be fixed but it is expected as an iOS 11 update.

-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-

UPDATE: The HEIC file format issue described below may be a non-event. Apple says that iOS will transcode HIEF images and videos to compatible JPEG versions if the receiver cannot indicate it can handle these file types. Transcoding requires a fair amount of compute cycles, which is why HEIF formats are the default on A9+ processor devices. Thanks to @invalidcanary for the heads up.

You should also be aware that the default picture format for iPhone 7/8/X is changing to a new high efficiency image file format (HEIF), called HEIC. With iOS 11, Apple added an option to compress photos and videos with a new, more efficient encoding called HEVC. By default, iOS devices with A9 and newer processors (Apple 7/8/X, iPad Pro and 2017+) will capture images and video using HEVC compression.

The new photo and video formats result in files about 1/2 size of the old JPEG and video formats, while having better quality. The problem is that new files will likely not open properly outside of your iPhone or iPad until everything that you use to work with photos updates to work with new HEIF formats.

To check if your iOS 11 device uses the new format, go to Settings > Camera > Formats. "High Efficiency" is the new format and "Most Compatible" is the old / current format. I do not suggest to just turn this off; Hey - getting files half the size is super cool. Just realize that if you use the photos outside of your phone that there might be temporary issues with viewing.

The file extension used for photos with the new format is ".heic" instead of ".jpg", and videos will use ".hevc" instead of ".mov". Windows and OneDrive do not support the new formats yet. Expect to see that support in future updates. Dropbox does support the new formats and is able to do previews of both.

If you need to convert an HEIC photo, Beamr Imaging offers a free website to convert HEIC photos to JPEGs.


When this sample 1.3MB HEIC photo is converted to JPEG format it becomes 2.3MB.

Special thanks to Nino Bilic at Microsoft (a real gem of a guy) for the heads-up on this and allowing me to share it with you.

Read more ...

Announcing the 10th Annual UC Roundtable at Microsoft Ignite!

Monday, September 18, 2017

I'm pleased to announce the 10th Annual UC Roundtable at Microsoft Ignite 2017 in Orlando!

A one-of-a-kind conference deserves a one-of-a-kind opportunity to network with your peers.

The purpose of the UC Roundtable is to gather Exchange, Office 365, and Skype for Business admins, MCMs, MVPs, Exchange product group members, architects, and experts for a free-flowing discussion about issues, questions, and experiences related to Exchange, Office 365, and Skype for Business. If you work with these technologies you need to be here!

Wednesday, September 27th from 6:00PM to 7:30PM EDT

The UC Roundtable is going old school this year! This will be a no-host event. Order your own beer or a bite to eat before you leave for the evening's parties. Please RSVP to jguillet@expta.com so I can tell them how many people to expect.

We'll be meeting in the outdoor area of Marlow's Tavern at 9101 International Dr, Lower Level -- just a short 10 minute walk from the Ignite convention center.


Help spread the word on Twitter and I hope to see you there!


Read more ...

Meet with EXPTA Consulting at Microsoft Ignite

Monday, September 18, 2017
It's less than one week to Microsoft Ignite in Orlando, FL. I hope you’re as excited as I am to attend and hear about all the new hotness that Microsoft plans to deliver. I’ll be speaking Wednesday 12:30-1:45PM at "The Epic Exchange Preferred Architecture Debate" with a panel of experts. I hope to see your there! I’ll also be available throughout the conference for meetings to discuss how I can help you with your current and future IT projects.



EXPTA Consulting can assist your organization with:

  • On-Prem Solutions – Including Exchange and Active Directory health checks, mitigation, and upgrades. We recognize that not all customers can or want to go to the cloud. Let me help you upgrade and make the most of your on-premises solutions, based on my many years’ of experience and best practices. I provide turnkey solutions or I can work with your IT staff and provide training and support.
  • Office 365 Solutions – Let EXPTA Consulting help you get the most from Office 365. We can help with data migrations, tenant to tenant migrations, EM+S, interoperability and integration solutions.
  • Identity Design and Solutions – Safe, secure, and easy to use Identity management solutions are the key to a successful deployment. I can help design and implement the best identity solutions to meet your organization’s needs. 

Recent EXPTA Consulting customers include an international college Office 365 migration, a large Federal agency identity project, a mid-sized business insurance brokerage Exchange 2016 upgrade, private equity firms, and consulting/hosting providers. Set up a meeting to see how we can help you!
Read more ...

Proud to announce I'll be speaking at Microsoft Ignite!

Friday, September 1, 2017
Come join Ross Smith IV, Lin Chen, Mike Cooper and me at Microsoft Ignite in Orlando for, "The epic Exchange preferred architecture debate" on Wednesday at 12:30pm EDT.



Here, we plan to talk about what is the best, DAS or SAN? Are SSDs on the way in or are slow spindles here to stay? Should you give up and migrate to the cloud? What about virtualization?

Come listen to experts from inside and outside of Microsoft debate the various Exchange architectures that can be deployed on-premises and hybrid.

This is an open panel discussion where you can ask questions and learn about architectures and topologies that defy the preferred architecture, such as some of those listed in the Exchange Solution Reviewed Program (ESRP). We'll discuss the ESRP and it's role in Exchange architecture design.

I'll also be a panelist at the session, "Microsoft Exchange: Through the eyes of MVPs" on Thursday at 4:00pm EDT.

Microsoft says,
"We've assembled an amazing set of Exchange MVP luminaries, representing scores of years of experience, to share their unvarnished truth about all things Exchange. You won't want to miss your chance to ask questions and hear this panel's expert opinions. Hiring this set of experts for 75 minutes would cost you a fortune, but by attending this session, you'll only pay the small fee of having to listen to them occasionally poke fun at Microsoft - and each other."
I hope to see you there!

Read more ...

Be Aware: Your company's AAD Connect may Auto-Upgrade

Tuesday, July 25, 2017
Azure Active Directory Connect version 1.1.561.0 was just released and it expands the scope by which AAD Connect will automatically upgrade.

AAD Connect automatically checks for new builds ever since version 1.1.105.0, but some previous configurations have been unable to auto-upgrade due to customization. Examples include using a defined service account instead of the default account and AAD Connect staging mode installations, but their are many more new scenarios. Don't be surprised by unexpected upgrades now that this new version has been released.

Read my article, "Understanding Auto-Upgrade Options in Azure AD Connect" to learn the details about how it works and how to control it.
Read more ...

Discontinuation of Session Border Controllers in O365 and Why You Should Care

Tuesday, July 18, 2017

Microsoft announced today the Discontinuation of support for Session Border Controllers in Exchange Online Unified Messaging. This article is meant to explain what this means and why it's such a big deal.

Session Border Controllers (SBCs) are used to route SIP-SIP traffic. They act as two-legged single-purpose firewalls, used only for SIP traffic. SBCs are usually deployed in the DMZ, where one interface faces the internal network (gateway/PBX) and the other faces the Internet (Office 365). They are required for all PBXs except Lync Server and Skype for Business to connect to Office 365 for voicemail or cloud PBX. Two SBCs are required for this communication, one on-prem and another Microsoft-owned SBC in Office 365. ß This is what is being retired.

VOIP gateways are needed when a legacy TDM-based PBX does not speak SIP. They translate TDM (PRI) to SIP. A SIP trunk connects the VOIP gateway to the SBC in DMZ.

Customers have one or more of the following types of telephone systems that link to Office 365 for voicemail:

3rd party TDM-based PBX (analog)
Examples include Avaya, AT&T Merlin, Nortel. Requires a voice gateway and SBS to connect to either Exchange UM or EXO UM.


3rd party IP-based PBX (digital)
Examples include Cisco CallManager. Requires an SBS to connect to either Exchange UM or EXO UM.


Lync Server/Skype for Business
Makes an authenticated federated call to the Lync Online service.

An Office 365 customer must create an IP Gateway in the tenant for SBC connectivity to Office 365. This creates a public DNS entry that looks like [GUID].um.outlook.com that maps to the SBC in Office 365. There will be one for each customer, but all on-prem SBCs connect to the same IP Gateway address, so the actual number of SBCs is really unknown.

UM Gateway in Exchange Server

The number of customers utilizing SBCs to connect to Office 365 may be small according to Microsoft, but these are usually very large customers with many SBCs. Once customers settle on a connectivity solution they continue to invest and expand on it. That's why it's such a big deal, especially for these customers.

According to today's announcement, the Office 365 SBCs are scheduled to be decommissioned in July 2018. If you're one of the customers who rely on SBCs to connect your on-premises PBX to Office 365 for Exchange UM or Azure voicemail, you have till then to make a change. As the article states, you have four options:

  • Option 1: Complete migration from 3rd party on-premises PBX to Office 365 Cloud PBX.
  • Option 2: Complete migration from 3rd party on-premises PBX to Skype for Business Server Enterprise Voice on-premises.
  • Option 3: For customers with a mixed deployment of 3rd party PBX and Skype for Business, connect the PBX to Skype for Business Server using a connector from a Microsoft partner, and continue using Exchange Online UM through that connector. For example, TE-SYSTEMS’ anynode UM connector can be used for that purpose.
  • Option 4: For customers with no Skype for Business Server deployment or for whom the solutions above are not appropriate, implement a 3rd party voicemail system.
Options 1, 2, and 4 are pretty well understood, but not trivial. Option 3, the anynode UM connector, requires a bit more explaining.

The anynode Skype for Business Voicemail Connector is a software SIP-to-SIP SBC solution that uses the Microsoft Unified Communications Managed API (UCMA) to communicate directly with Skype for Business Enterprise Voice. It's available from a German software company called TE-SYSTEMS (kind of reminds me of Geomant MWI for Exchange 2007 - anyone remember that?) This is great if your PBX already does SIP, but a number of large customers have analog PBXs in one or more locations. Traditional SBCs can convert analog PSTN calls to SIP using a Voice Gateway feature, and then trunk it over to Skype for Business or Skype for Business Online.

I can understand why Microsoft is discontinuing their SBCs in Office 365. It makes them rely on a third-party system that's sometimes difficult to manage. And after all, Microsoft is in business to sell services like Skype for Business and cloud PBX. But forcing customers to plan for and deploy all-new phone systems, SBC solutions, or voicemail systems in one year is asking a lot. Especially for the size of the customers they're affecting.

So what do you think? Will this tactic make you go "all in" for cloud PBX, as Microsoft hopes, or will it drive you toward one of the other solutions? Either way, you better get started now.

Read more ...

Another Azure AD Connect Update - Version 1.1.558.0

Thursday, July 13, 2017
This is the third update in a row where Microsoft published the AAD Connect release notes before the upgrade is publicly available. And if history serves, they'll update the release notes again after the version is released.

If auto upgrade is currently enabled for your version of AAD Connect, don't be too surprised if your version auto upgrades to this version before it becomes publicly available. Microsoft sometimes trial updates some customers ahead of the public release.

Azure AD Connect version 1.1.558.0 continues to fix issues with OU filtering and expands the number of configurations where auto upgrade can be enabled. It's important to note that if your configuration falls under the new configuration requirements, upgrading to this version will enable auto upgrade. If you don't want auto upgrade enabled, you should run the following cmdlet to disable it:
Set-ADSyncAutoUpgrade -AutoUpgradeState disabled


You can always download the latest public release of AAD Connect here.

Read more ...