How to Configure the SCL in Exchange

Recently I was asked what the proper Spam Confidence Level (SCL) should be for an Exchange 2007 installation. The answer is the ever-popular, "it depends."

The SCL is a value that Exchange assigns to each incoming SMTP email and is based on Microsoft's SmartScreen technology. This score determines how likely Exchange thinks an email message is spam. A rating of 0 means the message is not likely spam and a rating of 9 means the message is most likely spam.

SmartScreen is a "black hole" technology -- meaning that the algorithms and heuristics it uses for scoring is not published by Microsoft, thereby making it more difficult for spammers to create messages that can score lower and pass the filter. The Exchange server downloads new heuristics from Microsoft periodically.

Exchange 2003 SP2 introduced the Internet Message Filter (IMF) to score emails with an SCL rating. Exchange 2007 uses Content Filtering on the Anti-spam tab of the Edge Transport server to score emails (as shown below). It can also be enabled on a Hub Transport server if Edge Transport servers are not used. See How to Enable Anti-Spam Functionality on a Hub Transport Server.

Selecting the right SCL filter level is not an exact science. You're trying to filter obvious spam without accidentally filtering legitimate messages. You can use the following method to determine the starting point for your filter.

Using Perfmon to Select the SCL Filter Level
The best way to determine the appropriate SCL filter level is to use perfmon and examine the MSExchange Content Filter Agent object. Over time, the "Messages with SCL x" counters will increment and begin to show a trend.

In the example below, the Messages with SCL 0 through 7 counters are in the lower half of the scale. Messages with SCL 8 is off the charts at 270 -- more than all the lower SCL levels combined. From this data we can infer that it is safe to filter messages with an SCL higher than 7.

Note that these counters reset to zero upon restart of the server. It may take a little while before the trend appears.

Keep in mind that this is only the filter to begin with. You may have to adjust your filter up or down for your specific environment, but this will give you an excellent starting point.

SmartScreen filtering is just one of the anti-spam solutions available for Microsoft Exchange Server. Other solutions include Sender ID Framework, Outlook Junk E-Mail Filter, and Microsoft Exchange Hosted Filtering. See the Microsoft AntiSpam Technologies website for more details.

---

Subscribe to my feed  

Subscribe to The EXPTA {blog} by Email

It's Not Exchange 2007 Enterprise Until You Enter the Product Key

According to the Microsoft article, "Exchange Server 2007: Platforms, Editions, and Versions":

"When you install Exchange 2007, it is unlicensed and referred to as a Trial Edition. Unlicensed (Trial Edition) servers appear as Standard Edition, and they are not eligible for support from Microsoft Product Support Services. The Trial Edition expires 120 days after the date of installation."

This means that you will be unable to add additional storage groups, managed folders, or use any of the Exchange Enterprise features until you enter the Enterprise product key.

---

Subscribe to my feed  

Subscribe to The EXPTA {blog} by Email

Customizing Server Manager in Windows Server 2008

This article explains how to create a customized Server Manager console for Windows Server 2008 that displays more (or less) MMC snap-ins and extensions. The example above shows the default Server Manager console with the Microsoft Exchange 2007 and Queue Viewer snap-ins added to it. Note that you can't customize the default Server Manager console in Windows Server 2008, but you can create a new one that you can customize.

To begin, use Windows Explorer to navigate to the %WINDIR%\System32 folder, right-click ServerManager.msc, and select Author. This will open the MSC for editing.

Click File, Options and set the Console Mode to User mode - full access. This will cause the new console to automatically save and remember views and changes you make to the console in the future. Click OK.

To add new snap-ins to the console, click File, Add/Remove Snap-in. Now click the Advanced button and select the checkbox to Allow changing the parent snap-in and click OK. Select Server Manager from the Parent snap-in drop-down box. This is where the new snap-ins will be added.

Now select the additional snap-in(s) you want to add to the console. In my example, I double-clicked Exchange Server 2007 and Queue Viewer to add them below the Server Manager snap-in, as shown below.

If you want to remove extensions (or features) from a snap-in, select the snap-in under Selected snap-ins and click the File Extensions button. Click Enable only selected extensions and clear the check-box for the extensions you want to hide, such as Component Services and Disk Management Extension in the example below, and click OK.

Once you've added and configured the snap-ins you want to add to the console, you have to save it. Click File, Save as and give the new console a unique name, such as ServerManager1.msc. Windows will save the new console in the %WINDIR%\System32 folder by default.

Now modify the Server Manager icon in the Windows task bar to launch the new console. Right-click the Server Manager icon in the Quick Launch toolbar and select Properties. Change the Target path to read %SystemRoot%\system32\ServerManager1.msc and click OK, as shown below.

Now when you click the Server Manager icon in the task bar, your new Server Manager console will be displayed with the new snap-ins. Not only that, Server Manager will remember states of extensions (such as always displaying the Standard view of Windows Services, a pet peeve of mine) and will also open to the last extension you viewed. If you decide you want to add or remove snap-ins from this console in the future, simply right-click the console icon and select Author to make your changes.

Hope this helps you out!

---

Subscribe to my feed  

Subscribe to The EXPTA {blog} by Email

Free/Busy Information in Exchange 2000/2003/2007

What is Free/Busy?
Users' availability information is stored in Exchange in a hidden system public folder. This information is used by Outlook and OWA to tell other users if they are free or busy (hence, the term Free/Busy information). Normally this information is displayed as color-coded blocked out areas in a user's calendar, as show above. If users have extended rights, they can right-click another user's blocked out time to view the subject of the busy time.

The Free/Busy information is posted as a single message that contains data for the entire Free/Busy duration. The default to publish is 2 month's worth of information, configurable in Outlook Options or via Group Policy. Every time the Free Busy information is updated, the message is overwritten.

Publishing Free/Busy Information
The way Free/Busy information is published to Exchange depends on the method used to update the user's calendar. The Outlook client is usually responsible for generating Free/Busy information. Outlook will read the calendar and generate Free/Busy every 15 minutes by default if the information has been changed. This schedule can be changed in Outlook options or via Group Policy. Outlook also republishes the Free/Busy information whenever Outlook is shut down.

So what happens when the user updates their calendar using Outlook Web Access (OWA) or some other non-MAPI client? In this case, Free/Busy information is updated by a background process called MSExchangeFBPublish (MadFB). This process runs under the System Attendant mailbox and updates Free/Busy every 5 minutes for OWA, OMA, and Entourage clients. When a change is made to the calendar, a Free/Busy message is submitted to the System Attendant mailbox on the mailbox server for the user. The MadFB process polls this mailbox and picks up that there has been a change. MadFB then publishes the user's full Free/Busy message to the Free/Busy folder overwriting the existing message.

Replicating Free/Busy Information
The short answer is don't do it. The only reason to replicate Free/Busy information is when you frequently have users accessing Free Busy information of users in another site, and those sites are separated by a slow or lossy network link. Replicating Free/Busy information introduces inherent latency and causes inaccuracy in the Free/Busy information. Users in one site may see information from a site that has not replicated yet.

Where is Free/Busy Information Stored?
As mentioned earlier, Free/Busy information is stored in a system public folder. You can view all the Free/Busy information in the org by opening the following URL in a web browser: "http(s)://ServerName/Public/Non_IPM_Subtree/SCHEDULE%2B%20FREE%20BUSY/".

Here, you will see a folder under SCHEDULE+ FREE BUSY for each Administrative Group in the format, "EX:/o=/OU=". Each folder contains messages for each user. These messages are the Free Busy information for the user. The messages are formatted as, "USER-/CN=RECIPIENTS/CN=".

Free/Busy message placement is based on the user's legacyExchangeDN attribute in AD. For example, if my legacyExchangeDN is /o=CompanyABC/ou=Paris/cn=Recipients/cn=jsguillet", my Free Busy information will be stored in the "USER-/CN=RECIPIENTS/CN=jsguillet" message in the "/EX:/o=CompanyABC/ou=Paris" folder.

You are unable to view the contents of the message, but you can delete it. Doing so will remove all Free Busy information from Exchange until it is republished using one of the methods explained above. If Free/Busy information is not available to other users, they will see black and white hash marks across your calendar and Outlook will say that Free/Busy information is not available for this user.

How to Republish Free/Busy Information
On occasion Free/Busy information may not be published correctly in Exchange. There are many reasons that this can occur. Examples include errors in Public Folder replication (if Free Busy is being replicated, another reason to not do this), network errors, and incorrect shutdown of Outlook or Windows.

So how do you republish Free/Busy information? The easiest way to do this for individual users is to have them run Outlook with the /CleanFreeBusy switch:

• Close Outlook


• Click Start, Run, enter "start outlook /cleanfreebusy" and click OK


• Outlook will start, generate the Free/Busy information from the Outlook calendar and republish it to Exchange within 5 minutes. It will overwrite any existing Free/Busy message or publish a new one if it doesn't exist.

While this is easy to do for one or two users, it isn't a good solution for all users in the enterprise since it requires user intervention.

Microsoft KB article 294282 details how to use Updatefb.exe to regenerate Free/Busy information from the calendar information contained in each user's mailbox. You run this utility under the context of a user or service account that has full mailbox access to the affected users. It reads a comma delimited file containing the alias and home mailbox server of each user (i.e., alias, mailbox1) and logs in as that user using Collaboration Data Objects (CDO). It then creates a single appointment for the user for today at 11:00pm. This marks the Free/Busy information as "dirty". It then logs off the MAPI connection, causing the Free/Busy information to republish to Exchange. Note that Updatefb will be unable to open disabled user's or hidden mailboxes, so be sure to exclude them from the CSV input file.

Updatefb.exe is an unsupported utility written by Microsoft and is only available through Microsoft Product Support Services. There are two versions of the utility, Updatefb.exe is the GUI version and CPPCDO.exe is a command line version. I have used it in several environments with no issues.

What About Exchange 2007?
Exchange 2007 uses an entirely new and different way to manage Free/Busy information, so the above does not apply in a pure Exchange 2007/Outlook 2007 environment. When using Exchange 2007 with Outlook 2007 Free/Busy information will no longer come from a Public Folder, but will instead use the Microsoft Exchange 2007 Availability Service. This web service will provide a direct look at the user's Free/Busy information without the need of a client publishing any data. Outlook 2007 and Exchange 2007 can still use (and will still have) the Free/Busy public folder for backwards compatibility with older Outlook clients.

---

Subscribe to my feed  

Subscribe to The EXPTA {blog} by Email

Your Troubleshooting PAL

How many times have you been faced with a performance issue with a computer and you don't really know where to start? Sure, you can fire up Performance Monitor (perfmon) and start collecting data for analysis, but which counters do you collect and how do you identify a bottleneck?

Perfmon can gather tons of information and pouring over all that data for analysis can be a daunting task. Enter Performance Analysis of Logs (PAL), a new and powerful tool that reads in a performance monitor counter log in any known format and analyzes it using complex, but known thresholds. The tool produces an HTML report which reports important performance counters and displays alerts when thresholds are exceeded.

PAL is a free open source application developed by Microsoft and is hosted on CodePlex, Microsoft's open source project hosting web site. It requires two other free pieces of software on the computer where PAL will run:

Log Parser 2.2
Log parser is a powerful, versatile tool that provides universal query access to text-based data such as log files, XML files and CSV files, as well as key data sources on the Windows operating system such as the Event Log, the Registry, the file system, and Active Directory. PAL uses the Log Parser tool to query perform logs and to create charts and graphs for the PAL report.

Microsoft Office Web Components 2003
Log Parser requires the Office Web Components 2003 in order to create charts.

Note: Because there is no 64-bit version of the Microsoft Office Web Components, PAL only runs on x86 platform computers.

To use PAL, you begin by collecting performance data from the target machine using perfmon. Typically, I collect the Memory, Network Interface, Physical Disk, Processor and System counters to begin with. Once you've collected some data run PAL and walk through the wizard. Be sure to answer the Question Variable Names at the bottom of the Threshold File page. The variables are Number of Processors, use of the /3GB switch, is the target a 64-bit computer, total RAM and whether it has a kernel dump configured. Step through the rest of the wizard and PAL will create a batch file, run it and display the output as a graphical report in your web browser. Very cool!!!

You can view a LiveMeeting streaming video training of PAL here.

---

Subscribe to my feed  

Subscribe to The EXPTA {blog} by Email

Using Exchange 2007 Header Firewall

Each time an SMTP email is passed from one server to another, the receiving server records the hand-off in the SMTP headers of the email. This is usually recorded like this:

Received: from ex01.companyabc.com (10.12.1.81) by edge.companyabc.com (12.5.1.168) with Microsoft SMTP Server id 8.1.278.0; Fri, 20 Jun 2008 15:17:46 -0700

Customers often do not like their internal email infrastructure exposed in the SMTP headers for security reasons. It displays private information, such as internal IP addresses and SMTP versions that can be used by bad guys for targeted attacks. In the example above, SMTP Server id 8.1.278.0 tells me that edge.companyabc.com at public IP 12.5.1.168 is running Exchange Server 2007 SP1.

You can remove this information from the SMTP headers on Exchange 2007 using a concept called Header Firewall. This is done using the remove-adpermission cmdlet in the Exchange Management Shell. If you use Exchange 2007 Edge server(s), run the following one-liner:

Remove-ADPermission -id "EdgeSync - companyabc to Internet" -User "MS Exchange\Edge Transport Servers" -ExtendedRights Ms-Exch-Send-Headers-Routing

Note: Replace "EdgeSync - companyabc to Internet" with the name of the Internet bound send connector. You can run the Get-SendConnector cmdlet to display the names of all the Exchange send connectors.

For Exchange 2007 implementations that do not use Edge servers, use the following:

Remove-ADPermission -id "companyabc to Internet" -User "NT Authority\Anonymous Logon" -ExtendedRights Ms-Exch-Send-Headers-Routing

Again, replace "companyabc to Internet" with the name of the Internet bound send connector.

Essentially, you want to remove the rights of the last user account that will handle the outbound SMTP from reading the Ms-Exch-Send-Headers-Routing attribute in Active Directory. For Edge servers that will be the MS Exchange\Edge Transport Servers user account and for everything else it will be NT Authority\Anonymous Logon. Doing so will remove all the internal relay entries in the header before the last Exchange server, making the email appear like it originated from that last server.

---

Subscribe to my feed  

Subscribe to The EXPTA {blog} by Email

New PowerShell Scriptomatic

For those of you who are familiar with the the WMI Scriptomatic tool (and those of you who aren't), check out this awesome new version for Windows PowerShell -- The PowerShell Scriptomatic!

This tool will have you writing PowerShell scripts like a pro with absolutely NO experience. Imagine the fun you'll have deleting all the user accounts in the domain without having to write a single line of code yourself! Well, errr, maybe that was a bad example.

Actually, this really is a great tool to use to create PowerShell scripts without having to know the classes and objects necessary to access. Just select the WMI namespace and WMI class to access, and the PowerShell Scriptomatic will generate the correct PowerShell code. Then use this code to experiment with or add to other snippets. Brilliant!

It's great for those new to PowerShell and seasoned veterans who are just plain lazy.

---

Subscribe to my feed  

Subscribe to The EXPTA {blog} by Email

TechEd Newbie Resource Posts

---

---

As TechEd 2008 ITPro week approaches, I thought I'd provide links to the posts I've made that will help first time TechEd attendees. A sort of one stop shopping blog entry, if you will.

• TechEd 2008 Tips
• TechEd 2008 - Gear to Bring
• TechEd 2008 Group, Calendar and more
• TechEd Tips for Families
• TechEd - Feeding the Masses
• TechEd Attendee Party - What to Expect
• TechEd 2008 Schedule Builder
• TechEd Session Question
• TechEd for Novices

If you have a suggestion for future articles, let me know by posting a comment.

---

Subscribe to my feed  

Subscribe to The EXPTA {blog} by Email

New TechEd Airline Check-in Service

Open Thursday, June 12 and Friday, June 13
7:00am–6:00pm
South Hall A1 next to Registration

New this year for TechEd attendees!

Airline Check-in is a full-service, multi-airline remote skycap operation that offers issuance of boarding pass and luggage receipts. The next time you’ll have to think about your luggage will be at your final destination!

Airline Check-in service is available to all attendees departing on domestic flights from Orlando International Airport on American, Alaska, Air Tran, Continental, Delta, JetBlue, Northwest and United Airlines. You must have your luggage checked in a minimum of three hours before your flight departure time.

Remember, this service is only valid for flights departing on June 12-13.

Check Your Bags
Enter Event ID: 15019 and Passcode: microsoft to check your baggage and receive your boarding pass. Online check-in service fee is US$5 per person.

Walk-up airline check-in at the OCCC is US$10 per person.

Airline Check-in is also available at the Rosen Centre and Rosen Plaza hotels.

Check your bags here!

---

Subscribe to my feed  

Subscribe to The EXPTA {blog} by Email

Outlook Calendar Synchronization Cookbook

I carry an AT&T 8525 Windows Mobile device as my phone and PDA. It’s connected to my company’s Exchange 2007 server back in the office, but as a consultant I’m nearly always at a client site.

When I’m onsite for any length of time the client usually provides me with an email account on their network so that I can more easily communicate with teams and accept meeting invitations. The trouble for me has always been how to synchronize calendar data between the two calendars. There are lots of hard and messy ways to do this – I can forward the appointments to my WM device or type them in manually, or I can use Google calendar to do a “middle man” synchronization.

What I’ve discovered that does a really good job is a software and service called Funambol. This free service is made up of three components:

• The Funambol client for Windows Mobile
  
• The Funambol client for Windows Outlook
  
• The myFunambol Portal, the hosted server that holds the synchronized data
  

Funambol can perform synchronization of email, contacts, calendar items, tasks, notes and briefcases. Synchronization can be one-way (from Funambol server to phone only or from phone to server only) or two-way. Since I only perform calendar synchronization this article only covers this, but the other types of synchronization can be setup the same way.

To begin, sign up for a free myFunambol account at http://my.funambol.com. This creates a personal database account for you that will hold the synchronized data. The myFunambol portal also offers a web interface where you can view and manage your synchronized data stored on the server.

Next, download the Funambol Outlook Plugin from https://www.forge.funambol.org/download and install it on the computer with Outlook that you want to sync with your mobile device. Follow the Wizard to install the plugin. I won’t list them here because Funambol updates their software regularly and the steps may change, but here are the settings I use in the version I’m currently using:

• Account and password are the same as the myFunambol account
  
• Sync Calendar; One-way: Outlook -> Server; Synchronize every 2 hours

Test the synchronization from Outlook. The plugin may warn you that it needs to perform a full sync the first time. Once the sync completes, log into the myFunambol portal to ensure that your data is there.

Now download and install the correct Funambol client for your mobile device from https://www.forge.funambol.org/download. Funambol makes one for Windows Mobile PocketPC, Windows Mobile Smartphone, Blackberry, Java based phones and even the Apple iPod.

Install the client on your device and configure it thusly:

• Account and password are the same as the myFunambol account
  
• Synchronize all items in: Calendar
  
• PIM options – Sync Direction: Server to Phone only
  
• Sync Method: Scheduled Sync, Sync every 2 hours

Now sync your mobile device. The device will tell you that it needs to perform a full sync the first time and begin syncing the data from the myFunambol portal.

Viola!!! Calendar synchronization made easy!

For this solution to work, your Outlook client must be running and have Internet access.

---

Subscribe to my feed  

Subscribe to The EXPTA {blog} by Email

Teched 2008 Extracurricular Activities Map

At the request of geniph on the Extracurricular Activities group on the Microsoft TechEd Connect site, I created the Teched 2008 Extracurricular Activities Map.

This map is based on the events in the TechEd 2008 Extracurricular Activities Calendar to help show the distances between each event.

If you know of an event, party or activity not listed on the calendar, please leave a comment and I'll add it.


View Larger Map

Since everything's pretty close to each other, click View Larger Map to open it in a new window. Then you can use your mousewheel to zoom in and out, and to drag the map around.

---

Subscribe to my feed  

Subscribe to The EXPTA {blog} by Email

TechEd Attendee Party - What to Expect

Here's a little write up of what to expect for the TechEd Attendee Party at Universal Studios Orlando.

Around 6:00 at the convention center there will be more buses in one place than you've probably ever seen before. In the past, buses leave from the conference center to Universal Studios theme park, but last year they picked us up at the same bus stops in front of the hotel that we use to go to the convention center. Buses will run every 10 minutes or so. There will be many more people in line waiting for a bus than the buses can hold. Just be patient and meet some new friends while you wait. Hopefully it won’t rain while we’re waiting, like it did last year. :)

Remember to wear comfortable shoes and clothes, You’ll be doing a lot of walking and standing (after a full day of walking the TechEd floor).

When you arrive at Universal, there will be lots of staff on hand to usher you into the park or answer questions. All the rides, food and drink that are open are free. There will be soda and beer stands setup along the walkways. It’s a very festive, fun and family friendly atmosphere.

The big rides, like The Simpsons Ride, Shrek 4-D, and Revenge of the Mummy, are very popular, but the lines move pretty quick. The park is open to us from 6:30-11:00pm, so be sure to scope out the rides and restaurants you want to visit before getting to the park. Not all rides may be open, however, due to maintenance or weather.

The park will close sharply at 11:00pm, which leads us to the most thrilling ride of the them all… Getting back to the hotel! This is probably my least favorite part of TechEd. Thousands of people, all as tired as you, descending on an extremely crowded area filled with buses. You have to find the one that’s going back to your hotel region and fight to get on board. Keep your kids close (if they were lucky enough to come with you).

Some people choose to skip the throngs of people by hanging out along Universal City Walk. Here, you can browse shops and maybe get a drink of something stronger at one of the bars, like Jimmy Buffett’s Magaritaville. Just be sure not to miss the last bus or you'll be calling a cab! Which come to think of it, isn't such a bad idea...

Update: Microsoft just changed the hours for the Attendee Party to run from 8:00pm-12:00am this year. :(

---

Subscribe to my feed  

Subscribe to The EXPTA {blog} by Email

Quickly installing MOSS 2007 with SP1 on Windows Server 2008

If you try to install MOSS 2007 on Windows Server 2008, you are going to get an error that there is an incompatibility. To install, you need SP1 for MOSS.

You can slipstream SP1 yourself, but it turns out there's an easier way. First, install the trial version of MOSS 2007 with SP1 (32 bit or 64 bit). After you install the trial version, upgrade from the trial version.

1. In Central Administration, on the top link bar, click Operations.
2. On the Operations page, in the Upgrade and Migration section, click Convert license type.
3. On the Convert License Type page, in the Enter the Product Key box, type the new product key.

Thanks to Kirk Allen for the tip!

---

Subscribe to my feed  

Subscribe to The EXPTA {blog} by Email

PowerShell on Windows Server 2008 Server Core!

Yes, it is possible.

No, it is not supported. Don't even ask...

---

Subscribe to my feed  

Subscribe to The EXPTA {blog} by Email

Unable to Successfully Promote SCOM RMS Server

If the root management server (RMS) in a System Center Operations Manager 2007 (SCOM 2007) implementation fails or becomes unavailable for some reason the entire SCOM system will fail. Well, not exactly. The managed agents will still collect performance and alert data and will either queue this data or forward it to its management server. The management servers will be unable to forward this information to the SQL database and administrators will be unable to launch either the Operations or web consoles, so it's as good as dead.

There are two ways to rectify this -- bring the RMS server back online or promote an existing SCOM management server to an RMS. Microsoft article, "How to Promote a Management Server to a Root Management Server Role in Operations Manager 2007" does a good job of explaining the steps required, so I won't go through them here. But what happens if you get the following error when promoting the new RMS?

The machine managementserver is a server for multiple management groups (not supported)!

This occurs when the registry contains extra "Parent Health Service" or "Send Priority" keys under the Server Management Groups key. Navigate to:

HKLM-Software-Microsoft-Microsoft Operations Manager-3.0-Server Management Groups

Under this key you should see a key that matches the name of your SCOM management group. There should not be any other keys at the same level as the management group name. Back them up and delete them. In the example below, backup and delete the "Send Priority" key and its subkeys.

Run the same ManagementServerConfigTool.exe PromoteRMS command and it should work now.

---

Subscribe to my feed  

Subscribe to The EXPTA {blog} by Email

TechEd Tips for Families

Today we have a special guest article from my wife, Amy!

She wrote the following helpful tips for families who will be accompanying their significant other to TechEd in Orlando:

Kids and Tech Ed Tips and Tricks

You’ll most likely be in a hotel on or near International Drive. There is a trolley that runs up and down the street. Buy the 7 day ticket pass at your hotel's concierge. The trolleys run about every 15 to 20 minutes at stops all along the drive. There are well marked signs for the trolleys and they are so much more comfortable than walking in the heat with kids.

There's tons to do on International Drive. Lots of different themed mini golf places, a water slide park, an upside down museum (Wonderworks), and a go-kart park.

There are not a lot of “kid” places to eat, just a Denny’s, Chuck E. Cheese's, and a *big* McDonald's. If you order in like pizza or something, remember that there are thousands of guests in town for the conference and it could, and probably will, take well over an hour to get the food delivered. The other restaurants get very busy in the evening so call ahead for reservations. No grocery stores are nearby.

Take advantage of the breakfasts at your hotel and grab a few extra pieces of fruit for the room and hungry kids for later. Have your husband bring back extras of all the snack handouts from the conference. You could practically feed off of these alone for the week. It’s all grab and go, prepackaged stuff from granola bars, to cookies, to Power Bars.

Remember it’s hot, so be realistic about how much you and your children can do. I find that mine are very happy to get the afternoon off to just play in the pool at the hotel. It also helps if your hotel offers an adult “happy hour.” :)

Most hotels offer shuttle service to Disney World and other parks (Universal Studios, Islands of Adventure, Epcot, Sea World, etc). Check at the front desk the day before as you might need to reserve a seat.

Theme parks are all fun but choose wisely based on your children’s ages. If they are over 10 then Animal Kingdom in Disney World would be OK, but might be bored with the rest of the “princess” thing. Universal is fun for older kids, but not for younger ones due to height requirements on most rides. Islands of Adventure is a good dual choice with things for older and younger kids and a nice “downtown” area with restaurants and shops just outside the park.

If you have a car, Kennedy Space Center at Cape Canaveral is not that far away. It’s only about 40 minutes, but remember that there are toll roads all over the state so have lots of change handy. The Kennedy Center is amazing and worth going to if you can make it. You can spend the whole day there. If no car, check with the concierge for a tour group. Allow a full day to enjoy it all. It will be in the mid 90’s and humid so hats, sun block and lots of water are a necessity.

Amy
TechEd veteran and mother of an 8 and 12 year old

---

Subscribe to my feed  

Subscribe to The EXPTA {blog} by Email

SQL Exceptions during SCOM 2007 RMS Promotion

The Micosoft article, "How to Promote a Management Server to a Root Management Server Role in Operations Manager 2007" does a pretty good job of explaining how to promote a SCOM 2007 management server to a root management server.

While performing a disaster recovery test today, I found that I was getting the following SQL exceptions when I ran the ManagementServerConfigTool.exe PromoteRMS command:

The type initializer for 'Microsoft.MOMv3.Setup.MOMv3ManagedCAs' threw an exception.

Turns out this is because I ran the ManagementServerConfigTool.exe PromoteRMS command directly from the SCOM SP1 Support Tools folder, which is missing some of the DLLs required to run the command.

Simply copy the files from the Support Tools folder on the SP1 CD to the local \Program Files\System Center Operations Manager 2007 folder and re-run the command.

---

Subscribe to my feed  

Subscribe to The EXPTA {blog} by Email

Microsoft Exchange Server 2007 Management Tools (32-Bit) Released

Microsoft has released a 32-bit version of the Microsoft Exchange Server 2007 Management Tools.

Exchange Server 2007 is a native 64-bit application that includes 64-bit management tools. You can use the management tools to administer your Exchange Server environment remotely. If your remote computer is running a 32-bit operating system, you will need to download the 32-bit management tools.

The Exchange management tools include the Exchange Management Console (EMC), the Exchange Management Shell (EMS), the Exchange Help file, the Microsoft Exchange Best Practices Analyzer Tool, and the Exchange Troubleshooting Assistant Tool.

Get the 32-bit Exchange management tools here.

---

Subscribe to my feed  

Subscribe to The EXPTA {blog} by Email

Error Running SecureStorageBackup

When backing up or restoring the RMS keys using the SecureStorageBackup utility in SCOM SP1, you may come across the following error:

Could not load file or assembly 'Microsoft.Mom.Common, Version=6.0.4900.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35' or one of its dependencies. The system cannot find the file specified.

To fix this, copy Microsoft.Mom.Common.dll from C:\Program Files\System Center Operations Manager 2007 to the same folder where SecureStorageBackup.exe is run. Then run SecureStorageBackup again.

---

Subscribe to my feed  

Subscribe to The EXPTA {blog} by Email

TechEd 2008 Group, Calendar and more

Just a reminder to all Teched 2008 attendees to visit my Extracurricular Activities group on TechEd Connect. Here, you'll read about any parties, get togethers and activities outside the event itself. Recent discussions have been around golf and poker.

You can also view the Extracurricular Activities Calendar to see which activities to join. If you have an event, no matter how small, you'd like to add to the calendar please let me know.

And be sure to check out Microsoft TechEd Online, a site devoted to TechEd 2008 Developers and IT Pros. Here, you can read about the event itself as well as what other TechEd bloggers are blogging about.

---

Subscribe to my feed  

Subscribe to The EXPTA {blog} by Email

Failure installing VMM2008

When installing the server component of Microsoft System Center Virtual Machine Manager 2008, you may come across the following error:

Microsoft System Center Virtual Machine Manager 2008 installation did not complete successfully. Review the error log for information, and then try Setup again.
ID: 205. Details: Fatal error during installation

Virtual Machine Manager Server installation did not successfully install. All items that were copied during the installation process have been removed, however some required prerequisite software is still present on the machine. It is not necessary to remove the remaining software before you run Setup again. But you can uninstall the prerequisite software by going to Add or Remove Programs.
For error details, click the Error tab.

The ServerSetup.log file also references error 1603 in various places. This is caused by name resolution (DNS lookup) failures. Examine your DNS configuration for any or more of the following errors:

• Misconfigured TCP/IP settings
• Primary DNS is misconfigured on the VMM server
• The VMM server is unable to resolve the DC by name
• The VMM server does not have a record in DNS
• The DC is unable to get proper name resolution of the VMM server
• Incorrect DNS forwarding
• DNS is not functioning correctly on the DNS server

Once the errors have been corrected, reinstall the VMM server component.

---

Subscribe to my feed  

Subscribe to The EXPTA {blog} by Email

Can my system support Hyper-V?

This is a common question. Hyper-V requires three things: processor virtualization support, BIOS virtualization support and Windows Server 2008 with Hyper-V.

Processor virtualization is provided by Intel (Intel VT) and AMD (AMD-T) processors. You can check each of these websites to see if a processor supports virtualization. AMD offers an AMD Virtualization™ Technology and Microsoft® Hyper-V™ System Compatibility Check Utility that will tell if the installed AMD CPU supports it.

BIOS virtualization support, however, can be dicey. Normally, a BIOS manufacturer will offer the ability to turn virtualization on or off -- but not always. I have a Dell Dimension E521, for example, that doesn't offer virtualization configuration. Thankfully, it's enabled by default in this BIOS.

So how do you tell if your machine will support Hyper-V? Well, the easiest way by far is to use a utility by Gibson Research called SecurAble. This handy little program will quickly tell you if your computer is 64bit, running hardware DEP and is virtulization capable.

Note that SecurAble will report that Hardware Virtualization is "No" if you run it on a Windows Server 2008 computer that has the Hyper-V role installed. This is because Hyper-V capability is "hidden" once it's installed. See the Virtual PC Guy's WebLog for more details about this.

---

Subscribe to my feed  

Subscribe to The EXPTA {blog} by Email

Well, that was painful...

I'm installing a new SCOM 2007 SP1 infrastructure in a test environment.

I built up a couple of SQL 2005 database servers and two management servers, one of each in each of two sites. I installed the SCOM database on the first SQL server and then installed SCOM on the first management server, making it the root management server (RMS).

After SCOM installs, setup asks if you want to run the Operations Console. I cleared the checkbox to do so and began to immediately upgrade to SCOM 2007 SP1. Big mistake. Now I couldn't log into the console with any account. It seems that SCOM needs to do some more setup when you run the console for the first time.

I ended up completely uninstalling SCOM from the RMS and deleting the OperationsManager database from the SQL server, then I reinstalled everything. This time I launched the console before upgrading to SP1. It worked, but wasted about an hour and a half.

Learn from my mistake.