FIM-TROUBLESHOOTING: ORACLE MANAGEMENT AGENT: Full Import (Stage Only) completes with the message "Completed No Objects":
ORACLE MANAGEMENT AGENT: Full Import (Stage Only) completes with the message "Completed No Objects": http://social.technet.microsoft.com/wiki/contents/articles/14345.oracle-management-agent-full-import-stage-only-completes-with-the-message-completed-no-objects.aspx
Tim Macaulay Security Identity Support Team Support Escalation Engineer
Exchange 2010 Redundancy
THIS IS A CONTINUATION OF THE THREAD POSTED HERE
Ok, we had a lot of meetings about the use of a KEMP and DAGs for resiliency. I am now being told that it was either a DAG we would implement or a KEMP load balancer. The KEMP load balancer was said to do full resiliency. My understanding is that the KEMP will not support the mailbox server role, so if a server goes down and a user's mailbox was in a database on that server, they can't use email.
When I was first told about implementing failover redundancy I was pointed to the KEMP with a DAG and following this article as a guide. As the title states it's for Client Access Servers. I was new to DAGs at this point, never heard of them. But knew it was the only way to have complete resiliency. I was sent off with other blogs such as this one. How can this blog even say it's redundant, when it's neglecting the mailbox server role -- it can't.
I knew I needed Windows Server 2008 Enterprise to implement a DAG, and I pointed proof to it in some books. But then I found articles that the KEMP load balancer could provide the services that were required from the server 2008 enterprise clustering. So I thought it would be possible, to implement a DAG using the load balancer. My new understanding was incorrect and my original understanding was true.
Can anyone provide me with some options for resiliency for the mailbox role?
I currently have 2 servers with all roles. I am thinking I can use a dedicated machine with iSCSI targets and have one of those two Exchange servers, with the mailbox server role installed, have access to those drives. This will allow for the data to be stored on a different server and possibly in a different location. However, it won't work because if the mailbox server goes down, the other server won't be able to access the mailbox database, as it would access it through the failed server. I would also utilize the KEMP load balancer to provide CAS redundancy.
So again, how might I be able to make this work with 2 Exchange servers that utilize Windows Server 2008 R2 Standard?
Reply:
Sukh
------------------------------------
Reply:
If you don't have the possibility to use Enterprise edition then SAN replication or a solution like Doubletake could handle the DR part for you - however if cost is the limiting factor you could find that 2x Enterprise edition licenses are cheaper.
------------------------------------
Reply:
Sukh
------------------------------------
Reply:
Sukh828,
There are only two servers.
I need a solution that will allow 2 servers. The solution you are referring to requires at least 4: 2 for CAS and 2 for the mailbox server role.
- Edited by Krptodr Monday, November 5, 2012 10:21 PM
------------------------------------
Reply:
:-)
If you only have a single mailbox server then all that you get from the 3rd party tools is DR i.e. if your server (or storage) goes bang you have another near live copy of the database(s). You can recover a mailbox server from bare-metal in less than an hour.
If you want any kind of live failover or automatic recovery then you need 2 mailbox servers either in a DAG (best solution) or with 3rd party storage replication that is Exchange aware.
------------------------------------
Reply:
Ok Steve, I like the route you're going with this. I need live failover/automatic recovery. DAG is not an option because we do not have Server 2008 Enterprise. I am not a fan of third party tools for critical services, but if it's the only option, then I have no choice but to look into it.
What third party tools are available that are highly recommended?
------------------------------------
Reply:
Sukh
------------------------------------
Reply:
That makes no difference, olk connect to the rpc name, which connects to the cas, which then connect to the mbx server. So if 1 server is down, it will connect to the other server, makes sense?
Only 1 server would have the MS role. Unless I could get both the servers to have the MS role and both of those could access one mailbox database, and in my understanding and experience, this cannot happen. So if the MS role server went down, the CAS server would not be able to point to anything. However, I do understand what you are saying. I believe you are saying that, in the event I had 4 servers, 2 CAS and 2 MS roles, and 1 of those MS servers went down, the two CAS servers would point to the one that is up and active.
Sukh
------------------------------------
Reply:
Question for you: What is your definition of high availability? In other words, what is your level of tolerance for downtime? If you can't use a DAG and 3rd party options are out (P.S. the 3rd party options will probably cost more than the Enterprise versions of Windows), then consider the built-in techniques for Exchange recovery.
http://technet.microsoft.com/en-us/library/dd876874.aspx
Database Portability is very interesting, low-cost solution :)
------------------------------------
Reply:
Sukh
------------------------------------
Reply:
We are a small company with high standards. If email went down, I wouldn't hear the end of it from the owner. My personal opinion is that we can have mail go down for 3 hours. I know 3 hours won't fly with anyone else, but like I said, small company, high standards. So in that case, our goal is to have email service available for any local disaster within a 100 mile radius. Database portability will of course be something to keep in mind, but that would require downtime, and the amount of time depends mostly on the size of the hard drives and the hardware used. In my organization, my guess would be at least 30 minutes. That is calculated at a 10% overhead.
Database portability won't be an option even if it means only 30 minutes of downtime, because to them it's still downtime.
------------------------------------
Reply:
My understanding is that you had 2 servers with all the roles deployed on them, I may have misread the post. All I'm saying is keep it simple, just use the ent edition with all roles on both.
Sukh
You are absolutely correct, 2 servers with all roles. I want them to purchase server enterprise, but because the person who researched all this and ordered the supplies, went against my suggestion and he went with standard.
I have now spent months of work in the LAB testing the new exchange server and then finally moved it to production. I am about ready to move mailboxes over, but took a break today because I came upon this topic from my other thread.
I'd hate to have to do this 3 more times. I wouldn't mind because I gain experience from it, but the time invested is too much.
------------------------------------
Reply:
Ok, well, I'm thinking either they cough up the bucks for Enterprise Windows and you build the DAG, or they need to outsource the mail if downtime is not an option... Either way, it's not free, which of course you already know and you are fighting that battle.
------------------------------------
Reply:
Sukh
------------------------------------
Reply:
I still don't know why u can't use ent if u want ha? this seems to be the sensible option or consider O365.
It baffled me as well, but I shrugged it off. I suggested hosted exchange, but they didn't want to pay the $4-$8 per person. Even though we only have 36 active users, they didn't want to pay it. The way they use email is like a CRM service. They want the flexibility with having it hosted on-premise. I will convince him to get enterprise. I have more weight behind me, because I am no longer considered "new."
Sukh
------------------------------------
Reply:
Sukh
------------------------------------
Reply:
Bottom Line: No Windows Enterprise. No Exchange HA.
------------------------------------
Reply:
I have informed them of what we need to do and they are now going to get rid of the KEMP load balancer and purchase a license for Windows Server 2008 R2 Enterprise. We have the ability to use ActionPack for a single Enterprise license.
Will the DAG have an FQDN so I don't have to utilize DNS Round Robin for CAS access?
------------------------------------
Reply:
Sukh
------------------------------------
Reply:
Here are the load balancing options, with pros and cons, for the CAS:
http://technet.microsoft.com/en-us/library/ff625247.aspx
Understanding Load Balancing in Exchange 2010
Note there are changes that will be coming in Exchange 2013 - Layer 4 Load balancing for the Front End Servers. Maybe worth waiting for?
------------------------------------
Reply:
I shouldn't need load balancing. The CAS array will support a single FQDN for the two DAG members. The DAG will redirect CAS connections to the server that is running. In an environment of 50 client devices and 25 active sync devices, I don't believe I would bog down the 2 DAG members. Would you agree?
------------------------------------
Reply:
The CAS Array is just an AD object. It does nothing other than define the connection point:
http://blogs.technet.com/b/exchange/archive/2012/03/28/demystifying-the-cas-array-object-part-2.aspx
The DAG doesn't redirect CAS connections. The CAS directs the client connections to the active store where the client's mailbox lives, leveraging Active Manager components.
If you don't have true CAS load balancing, you don't have true HA. You have mailbox HA with the DAG. To achieve *client* HA, you need CAS Load Balancing.
P.S. Sorry if that wasn't clear before. CAS and MBX both need their own forms of HA. If you separate the CAS roles from the MBX, and build 2 additional servers, you can use Windows NLB instead of purchasing a 3rd party load balancer. You would only need Windows Standard on the CAS role standalone server.
- Edited by Andy DavidMVP Tuesday, November 6, 2012 6:11 PM
------------------------------------
Reply:
So then let me ask this. If I do not use a load balancer, and the CAS connections are directed to where the client's mailbox lives, but the mailbox role is HA and the one DAG member has a corrupt mail DB, then wouldn't the CAS client connection be redirected to the other DAG member?
------------------------------------
Reply:
The load balancer balances the client to CAS connections. Not the CAS>MBX connection. If you don't have a load balancer for the CAS and Server1 is down, how will you seamlessly redirect the clients to the CAS role on Server2? Without a load balancer, it won't be seamless and the clients will notice and may not be able to connect until they are restarted or DNS cache is updated etc etc...
Forget the CAS > MBX connection for now. Focus on the Client to CAS connection. That is what the Kemp (or other load balancer) takes care of.
------------------------------------
Reply:
Would it be fair to say that the size of the company is small enough to utilize NLB instead of HLB?
------------------------------------
Reply:
WNLB is low end, true. But I use it for small offices and it works fine in those scenarios. Understand its limitations, though, from that article I posted above:
Windows Network Load Balancing (WNLB) is the most common software load balancer used for Exchange servers. There are several limitations associated with deploying WNLB with Microsoft Exchange.
- WNLB can't be used on Exchange servers where mailbox DAGs are also being used because WNLB is incompatible with Windows failover clustering. If you're using an Exchange 2010 DAG and you want to use WNLB, you need to have the Client Access server role and the Mailbox server role running on separate servers.
- Due to performance issues, we don't recommend putting more than eight Client Access servers in an array that's load balanced by WNLB.
- WNLB doesn't detect service outages. WNLB only detects server outages by IP address. This means if a particular Web service, such as Outlook Web App, fails, but the server is still functioning, WNLB won't detect the failure and will still route requests to that Client Access server. Manual intervention is required to remove the Client Access server experiencing the outage from the load balancing pool.
- WNLB configuration can result in port flooding, which can overwhelm networks.
- Because WNLB only performs client affinity using the source IP address, it's not an effective solution when the source IP pool is small. This can occur when the source IP pool is from a remote network subnet or when your organization is using network address translation.
------------------------------------
Reply:
Would it be fair to ask that if the company is probably of the size where it does not want to pay for multiple Exchange servers and load balancers, then Office 365 should also be considered? Trying to make a competitive business case for that number of users is hard, compared to moving to the cloud.
Just saying.....
Cheers,
Rhoderick
Microsoft Premier Field Engineer, Exchange
Blog: http://blogs.technet.com/rmilne
Note: My posts are provided "AS IS" without warranty of any kind, either expressed or implied, including but not limited to the implied warranties of merchantability and/or fitness for a particular purpose.
------------------------------------
Reply:
Yep, Agree. That same question was asked above, but not sure if that is an option or not!
------------------------------------
Reply:
Then we have no choice but to utilize the HLB, because we have 2 servers with all roles and WNLB can't provide for us. Even if we virtualized the CAS roles, the price incurred would be slightly more than using the KEMP LB.
So let me ask this, will I be able to have one DAG member in a collocated facility and one on premise? If the Exchange DAG functionality can allow for that, then I can see how to go about making it happen. I understand that the latency between DAG members has to be no more than 250ms. That will not be an issue for us.
------------------------------------
Reply:
It may be worth looking into. They shot it down after I brought it up, because they looked into it before I came on board and said the cost wasn't there. In my opinion it's cheaper in all areas. Their concern is the monthly/yearly fee, and the ability to keep older emails. Like I said, they use email as if it's CRM.
- Edited by Krptodr Tuesday, November 6, 2012 7:41 PM
------------------------------------
Reply:
I overlooked this, but wouldn't the single FQDN for the CAS array be the determining factor in the scenario you provided above? I know you said to forget about CAS > MBX connections. I may have confused you in the post that you replied against.
If a client is accessing a CAS array at cas-array1.domain.com and in that array you have 2 DAG members, and one of those DAG members is down, then how is it the user connecting to the CAS array would not be transferred to the appropriate server?
I appreciate all the information that is being supplied to me, I have a lot left to learn as it is my first major Exchange implementation. I thank everyone that has offered me valuable information.
------------------------------------
Reply:
Remember the CAS Array is simply the defined FQDN that is set as the RPCClientAccessServer for a mailbox database. It does no load balancing and there is no intelligence behind it and has no relationship to the DAG.
If a DAG node is down, the CAS will work its magic to ensure that client connections are routed to the active database. The CAS Array is only for defining the FQDN for client connections. You associate that FQDN to an IP address on the load balancer in DNS. The load balancer then decides which CAS to route the connection to. Once the CAS gets that connection, it does the rest to determine where the active database is for that mailbox.
I hope that makes sense.
------------------------------------
Reply:
That makes sense, thank you.
Since I have to make a DAG in a live environment will I be able to do so without any down time? I am currently implementing the second server without any downtime. I then need to create the DAG. If I have a third server, I think I could do it without downtime, but I fear it's not possible with two servers in a live environment.
------------------------------------
Reply:
Sukh
------------------------------------
Reply:
Here is a solution you might follow: http://www.sysadminsblog.com/microsoft/full-failover-with-two-exchange-2010-servers/
------------------------------------
Reply:
Just so you have full disclosure, that is not one of the supported design scenarios.
IF you choose to go down that avenue, you may run into issues and not get the help you need when calling into support.
Cheers,
Rhoderick
Microsoft Premier Field Engineer, Exchange
- Edited by Rhoderick Milne [MSFT]Microsoft employee Wednesday, November 7, 2012 5:04 PM
------------------------------------
Reply:
I didn't read the link but I bet it uses the cluster IP as the client connection point, right? ugh!
------------------------------------
Reply:
<Spock >
it's worse than that Jim....
</Spock>
Cheers,
Rhoderick
Microsoft Premier Field Engineer, Exchange
------------------------------------
Win Media Center - Live TV Shows Black Screen with no Audio
I have set up my TV Tuner with Windows Media Center and while setting it up, media center recognised the tv tuner and went and found almost 80 channels when it did a scan. However when I launch live tv no matter what channel I go to there is a blank screen and no audio. I get all the programming data of what's meant to be on each channel but no video. Is this a software issue?
Reply:
Hi, please first open the volume properties and make sure that none of the audio inputs are muted or the volume turned down.
Then, please open Windows Media Center, go to Tasks - Settings - General - Windows Media Center setup - Setup your speakers. Make sure the speakers selected are of the correct connection.
Meanwhile, please make sure that you have installed the compatible version of TV tuner driver.
Sean Zhu - MSFT
------------------------------------
Reply:
I am having a similar problem except audio comes through on every channel but so does the black screen. I have updated the hardware drivers for the tuner from the manufacturer (Hauppauge) to the version specifically for WMC. I have also turned Media Center off, then back on using "Turn Windows Features On and Off", as suggested on another forum. Fully updated Windows 02-13-'12. The same tuner, antenna, and wires were all connected to my old HP win7 pentium4 32bit nvidia 9500GT and worked fine. My system is:
Win7 home prem. 64bit Sp1 Eng
I7 2600K 1155 3.4-3.7 ghz
Megabyte Mobo W/Z68 chipset (not overclocking yet)
8gig 1600mhz ram
WinTV HVR-1600 receiving over-the-air ATSC
EVGA GTX570HD (nvidia graphics)
I'm bumping this old thread because I need HELP!!
Edit: SOLVED!! I rolled back the drivers on the graphics card using Device Manager.
- Edited by thepoolguy Tuesday, February 14, 2012 2:26 AM Solved!
------------------------------------
Reply:
I installed the latest Shark007 codecs. 1st the 32-bit, then the 64-bit, as per the instructions.
Then I needed the following help from Shark007:
as for your issue, use the [x] SUGGESTED settings checkbox test
need more help? try disabling the Windows Video decoder on the SWAP TAB also
keep in mind, the x64 app controls Media Center playback
the 32bit app controls most other players
That fixed the problem.
- Michael Faklis
------------------------------------
MDT 2010, Deployment issue with VLAN
Hi,
We have MDT 2010 to deploy OS in our organization. We also have different vlans (50, 125, 200 and 300). The client machines are usually connected to vlan 300 when we deploy; suddenly it stopped working and now we can deploy only when the clients are connected to vlan 50 (which is a management vlan).
Any clue?
Thanks and regards,
SNRRK
- Changed type Kim Zhou Wednesday, November 14, 2012 2:35 AM
Reply:
Hi,
It seems the issue is not related to Windows 7. You'd better post the problem here.
http://social.technet.microsoft.com/Forums/en/mdt/threads
Kim Zhou
TechNet Community Support
------------------------------------
MSI installation error on windows 7 machine with Spanish locale
Hi ,
I am getting this error while installing the MSI on windows 7 machine with Spanish locale.
Exception during the commit phase of the installation. This exception will be ignored and installation will continue. However, the application may not work correctly until the installation is complete. -> Failed to convert some or all identity references.
Please advise.
Thanks in advance
Dubey_Varun
- Changed type Kim Zhou Wednesday, November 7, 2012 5:33 PM
------------------------------------
WP
- Changed type Clarence Zhang Thursday, November 15, 2012 8:57 AM
Reply:
KB2481109
Yes???
Did you have a question?
Lawrence Garvin, M.S., MCITP:EA, MCDBA, MCSA
SolarWinds Head Geek
Microsoft MVP - Software Distribution (2005-2012)
My MVP Profile: http://mvp.support.microsoft.com/profile/Lawrence.Garvin
------------------------------------
Blue screen error - unable to use laptop!
Hi guys. 2 nights ago as I shutdown my Fujitsu AH512 laptop (which has Win 8 installed) it said it was updating. Yesterday when I tried to turn on the laptop it appeared with a blue screen error message and when I viewed the details they were:
C:\Users\Mazzybear\AppData\Local\Temp\WER-63953-0.sysdata.xml.
C:\windows\minidump\110612-42859-01.dmp
C:\windows\memory.dmp
I only make it to the Start screen before the error message appears again. It keeps doing that every time I try to use the laptop. It's beyond frustrating as the laptop is new! Help please! Thanks :-)
- Changed type Nicholas Li Friday, November 23, 2012 6:42 AM
Reply:
Please upload those 2 files:
C:\Users\Mazzybear\AppData\Local\Temp\WER-63953-0.sysdata.xml.
C:\windows\minidump\110612-42859-01.dmp
I'll take a look at the file with the Debugger.
"A programmer is just a tool which converts caffeine into code"
------------------------------------
Fix for problem: 32-bit application doesn't load SQL Server CE binaries in application folder, but gets trouble from 64-bit version of same binaries already installed on same computer
There was an error message from the 32-bit application when it starts:
File version mismatch detected between ADO.NET Provider and native binaries of SQL Server Compact which could result in an incorrect functionality. This could be due to the presence of multiple instances of SQL Server Compact of different versions. Please install SQL Server Compact binaries of matching version [ADO.NET Provider File Version = 3.5.5692.*, Native Binary File Version = 3.5.8080.*]
On the computer with this problem, these are the SQL CE binaries in the application's folder:
- sqlcese35.dll - Storage Engine (32 bit) - version 3.5.5692.0
- sqlceqp35.dll - Query processor (32-bit) - version 3.5.5692.0
- sqlceme35.dll - Managed extensions (32-bit) - version 3.5.5692.0
And in C:\Program files\Microsoft SQL Server Compact Edition\ the same files are also found with 3.5.8080.0 version.
The solution to all of this is to reinstall the full SQL Server Compact Edition R2, from http://www.microsoft.com/en-us/download/details.aspx?id=5783
From that download, you will get both a 32-bit and a 64-bit installation. We ran both of them and the 32-bit application NO longer complained (and crashed) when loading the SQL CE database files!
The explanation for this problem and resolution is found in http://support.microsoft.com/kb/974247
P.S: I started out writing a question, but as I found a solution, I thought I'd just share it with others!
- Changed type NilsLightyear Tuesday, October 30, 2012 4:12 PM it is a problem solution, not a question
- Changed type Maggie Luo Wednesday, November 7, 2012 9:20 AM
- Changed type Maggie Luo Wednesday, November 7, 2012 4:21 PM
------------------------------------
Setting a date in a WF using the Function Evaluator
I tried to do something using the CreatedTime attribute but I didn't get very far...
http://www.wapshere.com/missmiis
- Changed type Carol Wapshere Friday, December 11, 2009 2:34 PM
- Changed type Markus VilcinskasMicrosoft employee Thursday, February 18, 2010 12:18 PM
Reply:
CreatedTime is stamped by system when resource is created. This cannot be manipulated.
To achieve what you are trying to do, a custom activity using UpdateResourceActivity can be used.
Thanks,
Sri
------------------------------------
Reply:
http://www.wapshere.com/missmiis
------------------------------------
Reply:
I think that the answer is simply that you can't (unless you write a custom activity, of course).
The "now" date function is one of the requests listed in the connect feedback "Feature Request: Custom Synch Rule Functions ".
Cheers,
Paolo
Paolo Tedesco - http://cern.ch/idm
------------------------------------
Reply:
This is not possible by default as there is no activity to add a certain amount of time to an existing date. You would need to build your own activity that does this for you. I would like such functionality to be default in FIM, but unfortunately the opposite is true. I have submitted a feature request to add more functions to all kinds of stuff (as Henrik has too)
http://blogs.dirteam.com/blogs/jorge/archive/2009/10/19/additional-functions-needed-for-fim-2010.aspx
cheers,
Jorge de Almeida Pinto [MVP-DS / AD DS TechNet Forums Moderator] [Sr. Technical Consultant @ Oxford Computer Group] (http://blogs.dirteam.com/blogs/jorge/default.aspx) (http://www.oxfordcomputergroup.com/)
------------------------------------
Reply:
To compound your problems (sorry), I have found a bug that won't even allow you to update a date-time field using a custom activity.
You can even re-pro this using the Function Evaluator:
1. create a FE in an action workflow to copy EmployeeStartDate to EmployeeEndDate
2. add a start date to a user
3. create an MPR to fire the activity triggered on an update to first name (or whatever)
4. edit the user's first name
5. you will find an unhelpful PostProcessing error in the requests
If you use a custom activity to do the same, you get a bit more information. The error says you cannot insert NULL into a datetime field.
Steve Mitchell Technical Director - Oxford Computer Group
------------------------------------
Reply:
Carol
http://www.wapshere.com/missmiis
------------------------------------
Reply:
Eric
Eric
------------------------------------
Reply:
Eric, are you using the UpdateResourceActivity and are you setting the DateTime field to a .NET DateTime value?
I wonder if it is a region issue. Has anyone else tried this, or tried doing it via the Function Evaluator (see above)?
Steve Mitchell Technical Director - Oxford Computer Group
------------------------------------
Reply:
Yes, I use the UpdateResourceActivity..
this.updateResourceActivity1.UpdateParameters = new UpdateRequestParameter[]
{
new UpdateRequestParameter(TargetAttribute, UpdateMode.Modify, DateTime.UtcNow.AddDays(Convert.ToDouble(DaysFromToday)))
};
One thing to watch for is that they use a weird datetime format internally and that may be tripping you up...
If there is interest, I will consider posting this activity on the IDAGuys blog.... It is a simple "Put date + # of days on X attribute" activity... Nothing fancy...
Eric
Eric
------------------------------------
Reply:
Also, I have had other people check the use of the Function Evaluator to set a date, and they get the same error as me - may not be related to this one of course...
Steve Mitchell Technical Director - Oxford Computer Group
------------------------------------
Reply:
Thanks for your help
Steve Mitchell Technical Director - Oxford Computer Group
------------------------------------
Reply:
I haven't found a clean conversion...
Eric
Eric
------------------------------------
Reply:
Got round the update issue by converting it to a string in the format above (without the T), then back to a Date before saving - sigh.
Steve Mitchell Technical Director - Oxford Computer Group
------------------------------------
Reply:
Steve Mitchell Technical Director - Oxford Computer Group
------------------------------------
Reply:
Hi all,
I just got the same problem. When I tried to update the expiration time from a custom activity, I got the following exception:
Microsoft.ResourceManagement.WebServices.Exceptions.UnwillingToPerformException: Other ---> System.Data.SqlClient.SqlException: Reraised Error 50000, Level 16, State 1, Procedure ReRaiseException, Line 37, Message: Reraised Error 50000, Level 16, State 1, Procedure ReRaiseException, Line 37, Message: Reraised Error 515, Level 16, State 2, Procedure GenerateRequestOutput, Line 238, Message: Cannot insert the value NULL into column 'ValueDateTime', table 'FIMService.fim.RequestOutputDateTime'; column does not allow nulls. INSERT fails.
The problem was solved converting the DateTime to UTC as in this example:
UpdateRequestParameter parameter = new UpdateRequestParameter();
parameter.PropertyName = "ExpirationTime";
parameter.Value = DateTime.Now.AddMonths(6).ToUniversalTime();
parameter.Mode = UpdateMode.Modify;
m_updateResourceActivity.UpdateParameters = new UpdateRequestParameter[] {
    parameter
};
Paolo Tedesco - http://cern.ch/idm
------------------------------------
Reply:
Try (in C#)
this.updateResourceActivity1.UpdateParameters = new UpdateRequestParameter[]
{
new UpdateRequestParameter(TargetAttribute, UpdateMode.Modify, DateTime.UtcNow.AddDays(Convert.ToDouble(DaysFromToday)))
};
Eric
------------------------------------
Reply:
Hi Carol,
I need to nullify the employeeEndDate instead of adding or subtracting anything. I have tried Null() but no luck. Also tried inserting 0001-01-01T12:00:00.000 but a big "NO". I am doing this on FIM 2010 portal and service version 4.3606.2. Can you throw some light on the same?
HBB
------------------------------------
Reply:
Hi,
I had similar scenario and I cleared out date in WF as shown below.
_disableDate = (Nullable<DateTime>)user["DisableDate"]; // where 'user' is a /user resource to update
// NO Profile set disable date else clear out
if (_userProfiles != null)
{
    if (_disableDate.HasValue)
        _disableDate = null;
}
else
{
    if (!_disableDate.HasValue)
    {
        _disableDate = DateTime.Now;
    }
}
this.UpdateResourceActivity1.UpdateParameters = new UpdateRequestParameter[1];
this.UpdateResourceActivity1.UpdateParameters[0] = new UpdateRequestParameter("DisableDate", UpdateMode.Modify, _disableDate != null ? _disableDate.Value.ToString("yyyy-MM-dd") + "T00:00:00.000" : null);
this.UpdateResourceActivity1.ActorId = new System.Guid(this.WorkflowActor);
this.UpdateResourceActivity1.ResourceId = ContainingWorkflow.TargetId;
I was able to clear out the value with this code. However, when I checked the request parameters in the portal I saw that the parameter "type" is "unknown". I am not sure if that is correct behaviour, but the code DID clear the DisableDate value.
Hope this helps, and that somebody gives some expert advice on "type".
Thanks,
Bhavesh
------------------------------------
Lync 2013
Hi,
Has anybody already tried to install the new Lync 2013 Client by using Windows Intune?
The new setup looks like the setup from Office 2010/2013. So I put config.xml in the root directory to be able to start a silent install.
My only problem is that there are both editions, x64 and x86, in one setup. I like the idea of having one installation package for x64 and x86, but when I have to define a detection rule in the Windows Intune software deployment wizard I don't know which file to choose for the MSI product code.
Can I just add a rule for both lyncww.msi files, the one in the x64 folder and the one in the x86 folder, or do I have to make 2 different software packages?
------------------------------------
Manage Out not working with Teredo
Hi All,
I have a weird problem with Direct Access Manage out. We have enabled the manage out capability and a few of the helpdesk PCs will RDP to the DA clients on the internet. We are using the hosts file for ISATAP on the helpdesk PCs.
When the client is connected with IP-HTTPS, helpdesk can RDP without any issue.
When the client is connected with Teredo, RDP does not work, but ping works perfectly from the helpdesk PC to the DA client.
I have allowed edge traversal for RDP in inbound Firewall rule in the client firewall and ICMPv6 echo request. Followed Tom Shinder's article on changes to the DA Client firewall to allow the manage out server connect to the client (http://blogs.technet.com/b/tomshinder/archive/2010/12/01/uag-directaccess-and-the-windows-firewall-with-advanced-security-things-you-should-know.aspx)
But no luck.
Please, someone help me.
Reply:
If you look in the TMG logs, do you see the RDP traffic actually getting to UAG?
Is this a single server UAG setup or an array?
Jason Jones | Microsoft MVP | Silversands Ltd | My Blogs: http://blog.msedge.org.uk and http://blog.msfirewall.org.uk
------------------------------------
Reply:
Hi Jason,
Thank you for the reply.
I don't see RDP traffic in the TMG logs. I filtered on port 3389 and didn't see any logs. I also checked the logs for IP-HTTPS connectivity but didn't find any logs related to RDP, but via IP-HTTPS corporate servers can RDP to DA clients.
This is a single server.
Any thoughts?
P.S.: I did an activity by doing RDP from the UAG server itself to the DA client.
The client with the IP-HTTPS IP connected successfully. For the client with the Teredo IP, RDP failed.
- Edited by TecHHecT Wednesday, October 31, 2012 11:09 AM
------------------------------------
Reply:
Jason Jones | Microsoft MVP | Silversands Ltd | My Blogs: http://blog.msedge.org.uk and http://blog.msfirewall.org.uk
- Edited by Jason Jones [MSFT]Microsoft employee Wednesday, October 31, 2012 11:09 AM
------------------------------------
Reply:
Hi Jonas,
Yes, I can. internal management clients can ping to the DA clients when the client is using IP-HTTPS and Teredo. Internal management clients are running ISATAP as Its IPv6.
- Edited by TecHHecT Wednesday, October 31, 2012 11:23 AM
------------------------------------
Reply:
So, you can see this traffic in the TMG real time logs?
Do you see the same when trying to manage Teredo clients?
Jason Jones | Microsoft MVP | Silversands Ltd | My Blogs: http://blog.msedge.org.uk and http://blog.msfirewall.org.uk
------------------------------------
Reply:
Jason Jones | Microsoft MVP | Silversands Ltd | My Blogs: http://blog.msedge.org.uk and http://blog.msfirewall.org.uk
- Edited by Jason Jones [MSFT]Microsoft employee Wednesday, October 31, 2012 11:50 AM
------------------------------------
Reply:
Hi Jonas,
Yes, I can. internal management clients can ping to the DA clients when the client is using IP-HTTPS and Teredo. Internal management clients are running ISATAP as Its IPv6.
P.S. Who is Jonas??? :P
Jason Jones | Microsoft MVP | Silversands Ltd | My Blogs: http://blog.msedge.org.uk and http://blog.msfirewall.org.uk
------------------------------------
Reply:
I am trying to determine if routing is working for the IP-HTTPS prefix, but not the Teredo prefix...
Jason Jones | Microsoft MVP | Silversands Ltd | My Blogs: http://blog.msedge.org.uk and http://blog.msfirewall.org.uk
I assume routing is fine for both Teredo and IP-HTTPS, because I can ping from the corporate network to the outside DA client over the internet. I could also see IPSec tunnels established for both Teredo and IP-HTTPS connections.
I'll check the route print one more time with both Teredo and IP-HTTPS for any problem. I would be able to share the logs here.
Thanks again
------------------------------------
Reply:
Hi Jonas,
Yes, I can. internal management clients can ping to the DA clients when the client is using IP-HTTPS and Teredo. Internal management clients are running ISATAP as Its IPv6.
P.S. Who is Jonas??? :P
Jason Jones | Microsoft MVP | Silversands Ltd | My Blogs: http://blog.msedge.org.uk and http://blog.msfirewall.org.uk
Ohh.. E and A changed.. :D excuse typos
------------------------------------
Reply:
I assume you have configured everything as it should be. But let's check things to make sure they are correct.
- First of all, you have configured an inbound firewall rule on the DirectAccess Client that allows certain protocols from an IPv6 prefix as source (that matches Teredo as well) for both private and public profiles, and enabled "Allow edge traversal", right?
- Are you sure the IPv6 prefix is correct? (e.g. 2002:****:****:8000::/49)
- Could it be that the DirectAccess Clients got the question whether the network they connected to should be considered domain, private or public, and selected domain?
- Do you have multiple array members? If so, have you configured a DNS record for ISATAP functionality with multiple IP addresses? (e.g. all physical IP addresses and one virtual IP address)
| Just an example of an inbound firewall rule: | |
| Enabled | True |
| Program | Any |
| Action | Allow |
| Security | Require authentication |
| Authorized computers | - |
| Authorized users | - |
| Protocol | Any |
| Local port | Any |
| Remote port | Any |
| ICMP settings | Any |
| Local scope | Any |
| Remote scope | 2002:****:****:8000::/49 |
| Profile | Private, Public |
| Network interface type | All |
| Service | All programs and services |
| Allow edge traversal | True |
Boudewijn Plomp, BPMi Infrastructure & Security
- Edited by Boudewijn Plomp Wednesday, October 31, 2012 3:49 PM
------------------------------------
Reply:
Hi Boudewijn,
Thank you for the head in :)
Your first point - I have created 2 inbound rules. 1 is for ICMPv6 and RDP (TCP-in). For the time being I have allowed any/any for local and remote scope (because the selected IPv6 prefix also did not work).
Point #2 - Yes, the IPv6 prefix is correct, and now I'm testing it without defining the IPv6 prefix.
Point #3 - The DA client's active profile shows as Public, and in my rules I have ticked private and public.
Point #4 - No, this is a single server.
The inbound rule settings are exactly the same as above, except that the remote scope is any in my rule.
------------------------------------
Reply:
So, you can see this traffic in the TMG real time logs?
Do you see the same when trying to manage Teredo clients?
Jason Jones | Microsoft MVP | Silversands Ltd | My Blogs: http://blog.msedge.org.uk and http://blog.msfirewall.org.uk
I don't find any specific RDP traffic in the TMG live logs, for either IP-HTTPS or Teredo. I can see IPv6 over IPv4 tunneling traffic (source and destination show the IPv4 address of the UAG external IP and the DA client's IP) when the client is on IP-HTTPS and management servers RDP to the DA client. I think that since RDP traffic is passing through the tunnels, TMG does not capture the RDP traffic (I'm not sure though). Would Wireshark or Netmon help to capture the RDP traffic on the client and the management server?
------------------------------------
Reply:
And you enabled "Allow edge traversal" as well, right?
Boudewijn Plomp, BPMi Infrastructure & Security
------------------------------------
Reply:
Jason Jones | Microsoft MVP | Silversands Ltd | My Blogs: http://blog.msedge.org.uk and http://blog.msfirewall.org.uk
------------------------------------
Reply:
As I joined this discussion, I already had a few configurations running correctly. I have implemented UAG arrays, with ISATAP enabled for specific DirectAccess Manage-Out Clients. And configured the proper inbound firewall rules on the DirectAccess Clients.
To my surprise, yesterday I noticed two of them are not working correctly anymore. Probably the same issue. I am investigating it right now.
- At our office Manage-Out does not work anymore. And the DirectAccess Clients cannot access the DirectAccess Manage-out Clients.
- At another customer Manage-Out works for services such as RDP, SCCM Remote and etc. But... not for Remote Management and File and Print Services. It looks like where RPC gets involved it does not seem to work.
Hmmm...
Boudewijn Plomp, BPMi Infrastructure & Security
------------------------------------
Reply:
Hi Jason,
It was a good idea and I will run it today on my client to get the logs. I will also try running NetMon to capture traffic on the UAG server to see whether the traffic is going out on the correct route.
Hi Boudewijn,
In your case, is manage-out not working when the client uses Teredo, or does manage-out not work at all with any of the transition technologies (IP-HTTPS)?
This is a weird issue. I am still not able to figure out where the problem is. Can this be the result of a patch update? (I don't think so).
------------------------------------
Reply:
Just did some investigation. At our office, it seems to work flawlessly with IP-HTTPS. I can even see it matches the inbound firewall rules that I have created (by temporarily enabling the local logging). If I disable the rules one by one (GPO based) the Manage-Out traffic is blocked. So, the rules are in there, even with "Allow edge traversal", and they match. But... when Teredo comes into the picture Manage-Out does not work properly. But... again but. I am now 4 hours later at home, having a look at it. And suddenly it works with Teredo! Hmmm..... that is weird.
At our customer it does work except for RPC traffic. But I think I may have found the issue. As far as I had the time for it, I could see they seem to have some deny rules that might overlap for public and private profiles. I cannot check it right now, will do that tomorrow.
Bottom line: I think I got mine working again, although I can't trust Teredo at all times.
Boudewijn Plomp, BPMi Infrastructure & Security
------------------------------------
Reply:
All my problems are solved.
TecHHecT allow me to help you. Let's check some things, ok?
- Can you enable logging for the private and public profiles in the Windows Firewall with Advanced Security? Just go to the properties of WFwAS, select the profile and click Logging. When you want to open the log, first open Notepad or another program with administrative privileges. Then try Manage-Out from a Manage-Out Client to your DirectAccess Client. Check the logging. Do you see a block?
- Second, can you check your GPOs for settings Computer Configuration > Administrative Templates \ Network \ Network Connections \ Windows Firewall \ Standard Profile. Have you configured some properties there?
Boudewijn Plomp, BPMi Infrastructure & Security
------------------------------------
Reply:
Great to hear that you solved the issue :)
- I have enabled logging for Public profile ( Active profile is PUBLIC) in the DAclient. I have done the activity with
1) when DAclient is using IP-HTTPS
2) When DAclient is using Teredo
With IP-HTTPS I'm seeing logs for allowed traffic from Manage-Out client to DAclient (I tested RDP, telnet and ICMP )
Results are: captured log is attached FYR
Ping – Success
2012-11-06 16:27:10 ALLOW ICMP 2002:c03:2197:8000: ****:****:10.226.70.176 2002:c03:2197:8100:81eb:2e76: ****:**** - - 0 - - - - 128 0 - RECEIVE
RDP-Success
2012-11-06 16:29:36 ALLOW TCP 2002:c03:2197:8000: ****:****:10.226.70.176 2002:c03:2197:8100:81eb:2e76: ****:**** 49744 3389 0 - 0 0 0 - - - RECEIVE
Telnet -Success
2012-11-06 16:28:15 ALLOW TCP 2002:c03:2197:8000: ****:****:10.226.70.176 2002:c03:2197:8100:81eb:2e76:****:**** 49740 23 0 - 0 0 0 - - - RECEIVE
With Teredo I'm seeing traffic for ICMP only. Telnet and RDP I don't see the logs
Ping – Success
2012-11-06 16:15:53 ALLOW ICMP 2002:c03:2197:8000:****:****:10.226.70.176 2001:0:c03:2197:10c7:9fac: ****:**** - - 0 - - - - 128
RDP- Failed (No logs)
Telnet – Failed (no logs)
IP addresses
2002:c03:2197:8000: ****:****:10.226.70.176 – ISATAP IP of Manage-Out client
2002:c03:2197:8100:81eb:2e76: ****:**** - IP-HTTPS ip of DA client
2002:c03:2197:8100:81eb:2e76:****:**** - Teredo IP of DA client
- No, all parameters show as not configured under Standard Profile
Thanks again for your assistance.. :)
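The comparison made in this post (ALLOW entries toward the IP-HTTPS address for ICMP, RDP and Telnet, but only ICMP toward the Teredo address) can be run over a whole firewall log. The following Python is an added example, not part of the thread: it assumes the standard pfirewall.log field order and treats any destination in 2001::/32 as Teredo; the sample lines and addresses are constructed, and the function names are this example's own.

```python
import ipaddress
from collections import Counter, defaultdict

# Field order of the Windows Firewall log (pfirewall.log).
FIELDS = ("date time action protocol src-ip dst-ip src-port dst-port size "
          "tcpflags tcpsyn tcpack tcpwin icmptype icmpcode info path").split()
TEREDO = ipaddress.ip_network("2001::/32")  # Teredo client addresses

# Constructed sample log (documentation addresses), shaped like the thread's:
# three services logged toward a non-Teredo address, one toward a Teredo one,
# plus an IPv4 DROP on 443 and a truncated final line.
SAMPLE_LOG = """\
#Fields: date time action protocol src-ip dst-ip src-port dst-port size tcpflags tcpsyn tcpack tcpwin icmptype icmpcode info path
2012-11-06 16:27:10 ALLOW ICMP 2002:c000:204:8000:0:5efe:192.0.2.10 2002:c000:204:8100:81eb:2e76:1:2 - - 0 - - - - 128 0 - RECEIVE
2012-11-06 16:29:36 ALLOW TCP 2002:c000:204:8000:0:5efe:192.0.2.10 2002:c000:204:8100:81eb:2e76:1:2 49744 3389 0 - 0 0 0 - - - RECEIVE
2012-11-06 16:28:15 ALLOW TCP 2002:c000:204:8000:0:5efe:192.0.2.10 2002:c000:204:8100:81eb:2e76:1:2 49740 23 0 - 0 0 0 - - - RECEIVE
2012-11-06 16:03:53 DROP TCP 198.51.100.239 203.0.113.151 61108 443 162 AP 1044794517 461070054 16560 - - - RECEIVE
2012-11-06 16:15:53 ALLOW ICMP 2002:c000:204:8000:0:5efe:192.0.2.10 2001:0:c000:204:10c7:9fac:3fff:fdf5 - - 0 - - - - 128
"""


def parse_line(line):
    """Return a dict for one log entry, or None for headers and damaged lines."""
    line = line.strip()
    if not line or line.startswith("#"):
        return None
    parts = line.split()
    if len(parts) < 8:                       # need at least up to dst-port
        return None
    parts += ["-"] * (len(FIELDS) - len(parts))   # pad truncated entries
    rec = dict(zip(FIELDS, parts))
    try:
        rec["dst"] = ipaddress.ip_address(rec["dst-ip"])
    except ValueError:                       # masked or garbled address
        return None
    return rec


def tunnel_of(addr):
    """Classify a destination address as 'teredo' or 'other'."""
    if addr.version == 6 and addr in TEREDO:
        return "teredo"
    return "other"


def summarize(lines):
    """Count actions per (protocol, dst-port), split by destination tunnel type."""
    seen = defaultdict(lambda: defaultdict(Counter))
    for line in lines:
        rec = parse_line(line)
        if rec is None:
            continue
        service = (rec["protocol"], rec["dst-port"])
        seen[tunnel_of(rec["dst"])][service][rec["action"]] += 1
    return seen


def silent_on_teredo(seen):
    """Services allowed toward non-Teredo addresses that never appear,
    as ALLOW or DROP, toward a Teredo address."""
    allowed_elsewhere = {s for s, acts in seen["other"].items() if acts["ALLOW"]}
    return sorted(allowed_elsewhere - set(seen["teredo"]))


if __name__ == "__main__":
    summary = summarize(SAMPLE_LOG.splitlines())
    for proto, port in silent_on_teredo(summary):
        print(f"{proto}/{port}: logged toward non-Teredo address, nothing toward Teredo")
```

A service returned by `silent_on_teredo` produced neither ALLOW nor DROP entries toward a Teredo address, which is the pattern the post reports for RDP and Telnet.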
------------------------------------
Reply:
Hi Boudewijn
Additionally I see lots of TCP traffic were dropped for the port 443... could this help?
2012-11-06 16:03:53 DROP TCP 192.XX.XX.239 12. XX.XX.151 61108 443 162 AP 1044794517 461070054 16560 - - - RECEIVE
2012-11-06 16:03:53 DROP TCP 192.XX.XX.239 12. XX.XX.151 61108 443 162 AP 1044794517 461070054 16560 - - - RECEIVE
2012-11-06 16:03:53 DROP TCP 12. XX.XX.151 192.XX.XX.239 443 61108 1420 A 461070054 1044794639 258 - - - RECEIVE
2012-11-06 16:03:53 DROP TCP 12. XX.XX.151 192.XX.XX.239 443 61108 1420 A 461070054 1044794639 258 - - - RECEIVE
2012-11-06 16:03:53 DROP TCP 192.XX.XX.239 12. XX.XX.151 61108 443 40 A 1044794639 461072814 16560 - - - RECEIVE
2012-11-06 16:03:53 DROP TCP 192.XX.XX.239 12. XX.XX.151 61108 443 40 A 1044794639 461072814 16560 - - - RECEIVE
IP Addresses
192.XX.XX.239 – DAclient IPv4 IP
12. XX.XX.151 – UAG server external IP
------------------------------------
Reply:
So, it would appear that it does look like a local DA client Windows Firewall issue then (like I have seen before too). You can use the following guidance to try and determine why permitted traffic is failing: http://msdn.microsoft.com/en-gb/library/windows/desktop/bb736284(v=vs.85).aspx
I would guess it is either some form of policy corruption or multiple policies conflicting somehow...
Cheers
JJ
Jason Jones | Microsoft MVP | Silversands Ltd | My Blogs: http://blog.msedge.org.uk and http://blog.msfirewall.org.uk
------------------------------------
Reply:
Not sure if this helps, but extract from a similar issue:
"...further analysis of the trace data did however expose conflicting RDS rules in WFAS so GP isolation was requested. At which point we noticed that the observed rules were not being removed, despite the removal of GPOs. I engaged the core domain team who confirmed GP tattooing was taking place..."
May be a similar issue, may be different, but it sure looks like a WF problem somehow. so the WFP tracing should at least help narrow it down...
Cheers
JJ
Jason Jones | Microsoft MVP | Silversands Ltd | My Blogs: http://blog.msedge.org.uk and http://blog.msfirewall.org.uk
------------------------------------
Reply:
Could the Windows Firewall policy be corrupted only for Teredo? IP-HTTPS is working fine with the same policy.
I think I forgot to mention here that I have not configured the firewall policy from GPO. It is configured locally and the RDP rule is allowed locally only (for testing Teredo on the test PC before jumping to GPO).
If this is a local DA client Windows Firewall issue, what if I use a fresh PC as the DA client and test RDP with a Teredo connection? That would help to determine whether the problem is in the local policy or somewhere else...
------------------------------------
Reply:
I must admit, this is hard to troubleshoot. What I wonder is: when you are connected with IP-HTTPS, which rules match your Manage-Out traffic? You have enabled specific inbound firewall rules with the IPv6 (ISATAP) prefix as a source, right? If so, can you temporarily disable that rule or those rules, and check whether you are still able to communicate while using IP-HTTPS? The rulebase can be confusing. I don't know your configuration, but it might be that it matches other inbound rules that don't have "Allow edge traversal" enabled for private/public profiles.
Boudewijn Plomp, BPMi Infrastructure & Security
------------------------------------
Reply:
I'm running mad out of this ;(
For troubleshooting purposes I have removed all source prefixes and all the rules now have any/any selected.
Specifically, I should say I did not change/modify or enable/disable any inbound rules except the RDP (TCP-in) and ICMPv6 echo request rules. All other rules are as they were, with the default parameters in Windows Firewall. I'm trying to use a fresh DA client to test because, as per Jason, this could be firewall corruption on the current DA client.
------------------------------------
Reply:
I'm running mad out of this ;(
For troubleshooting purposes I have removed all source prefixes and all the rules now have any/any selected.
Specifically, I should say I did not change/modify or enable/disable any inbound rules except the RDP (TCP-in) and ICMPv6 echo request rules. All other rules are as they were, with the default parameters in Windows Firewall. I'm trying to use a fresh DA client to test because, as per Jason, this could be firewall corruption on the current DA client.
Personally I would leave all existing WFAS rules as is and create new specific rules for DA manage out as per the articles you originally linked to. I would also create them in GPO format rather than locally configured; if you are worried about the impact, just security filter them to the DA clients groups like the DA policies.
I know IP-HTTPS and Teredo traffic should be similar, but ultimately they are handled differently by WFAS; hence the specific need to define edge traversal settings for Teredo. It sounds like WFAS is not aware you have enabled that setting and is therefore impacting inbound connections when using Teredo.
Cheers
JJ
Jason Jones | Microsoft MVP | Silversands Ltd | My Blogs: http://blog.msedge.org.uk and http://blog.msfirewall.org.uk
------------------------------------
How would Merge and P2P replication resolve the following conflict
Servers A and B incremented a specific database field at the same time. I.E.: They have the exact same value for a field.
The correct solution should be that the value coming out of conflict resolution should be 1 greater than the value at both servers A and B.
Questions:
Describe to me in detail, how can the above conflict be correctly resolved by both Merge and P2P replication.
Which replication technique do you think is better, why.
Thank you,
P.S.: I already have the following links,
P2P Replication: http://technet.microsoft.com/en-us/library/bb934199(v=sql.100).aspx
Merge Replication: http://msdn.microsoft.com/en-us/library/ms151257(v=SQL.100).aspx
- Edited by Software Engineering Stuff Thursday, November 1, 2012 2:42 PM
- Changed type Software Engineering Stuff Wednesday, November 7, 2012 3:55 PM
- Changed type Software Engineering Stuff Wednesday, November 7, 2012 3:55 PM Need more information
Reply:
This type of conflict is difficult to deal with in both Merge and Peer-to-Peer.
Lets say both DB-1 and DB-2 both have an article Inventory which contains a column StockOnHand and the value is currently set to 5 on both. Then we decrement StockOnHand to 4 on both articles between syncs and then synchronize, a conflict occurs. By default, Merge uses first-to-publisher wins, or priority-based, so the 4 will persist either way in that case. With Peer-to-Peer, the change that originated at the node with highest originator ID will win so 4 will persist as well. As we know, both are wrong as the StockOnHand should now be 3, right?
Merge offers custom conflict resolvers that are more capable of solving conflicts such as these which you can read about here: http://msdn.microsoft.com/en-us/library/ms151257.aspx
- Edited by Brandon Williams Friday, November 2, 2012 5:02 PM
------------------------------------
Reply:
One way I've handled this scenario in Merge is to connect to the Publisher or directly to the Subscriber, and make the change if I'm changing another Subscriber's data. I've also written custom conflict resolvers that utilized history tables to do the correct math on synchronization.
With Peer-to-Peer, you will want to ensure that write operations for a particular row are performed at only one node, so applications should partition insert, update, and delete operations.
- Edited by Brandon Williams Friday, November 2, 2012 5:13 PM
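Added example (not part of the original posts, and not SQL Server's replication API): a small Python model of the StockOnHand conflict from the replies above, comparing a resolver where one node's value overwrites the other with a resolver that replays per-node history rows of deltas. The `Node` class, the history layout and all function names are assumptions made for this illustration.

```python
import itertools
from dataclasses import dataclass, field


@dataclass
class Node:
    """Hypothetical replica holding one StockOnHand value plus a history table."""
    name: str
    originator_id: int
    stock: int
    history: dict = field(default_factory=dict)   # change_id -> delta
    _seq: itertools.count = field(default_factory=itertools.count, repr=False)

    def adjust(self, delta):
        """Local write: apply the delta and log it under a node-unique change id."""
        change_id = (self.originator_id, next(self._seq))
        self.history[change_id] = delta
        self.stock += delta


def winner_takes_all(a, b):
    """Value-overwrite resolution: the node with the highest originator ID wins."""
    return max(a, b, key=lambda n: n.originator_id).stock


def sync_additive(a, b):
    """Exchange history rows the other side has not seen and apply their deltas.

    Each change id is applied at most once per node, so repeating the sync
    does not count a change twice.
    """
    for src, dst in ((a, b), (b, a)):
        for change_id, delta in list(src.history.items()):
            if change_id not in dst.history:
                dst.history[change_id] = delta
                dst.stock += delta
    return a.stock, b.stock


def demo():
    # Constructed data: both nodes start at 5 and each sells one unit between syncs.
    db1 = Node("DB-1", 1, 5)
    db2 = Node("DB-2", 2, 5)
    db1.adjust(-1)
    db2.adjust(-1)
    overwrite = winner_takes_all(db1, db2)   # one decrement is lost
    merged = sync_additive(db1, db2)         # both decrements survive
    repeated = sync_additive(db1, db2)       # a second sync changes nothing
    return overwrite, merged, repeated


if __name__ == "__main__":
    print(demo())
```
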
------------------------------------
Reply:
"One way I've handled this scenario in Merge is to connect to the Publisher or directly to the Subscriber, and
make the change if I'm changing another Subscriber's data. I've also written custom conflict resolvers that
utilized history tables to do the correct math on synchronization.
With Peer-to-Peer, you will want to ensure that write operations for a particular row are performed at only
one node, so applications should partition insert, update, and delete operations."
What do you mean by "connect to the Publisher or directly to the Subscriber"? Do you mean manually log into a server and manually change the field with the conflict? Please elaborate.
And, what do you mean by "write operations for a particular row are performed at only one node"? Do you mean that only one server can write to the database? Please elaborate.
Thank you,
P.S.: References
- Edited by Software Engineering Stuff Wednesday, November 7, 2012 6:58 PM
------------------------------------
App-V 4.6 SP2
New version of App-V 4.6 released - namely Service Pack 2!
Support for Win 8 / Win Server 2012
No Dr Watson needed anymore!
Co-existence support with App-V 5
Support for Adobe Reader with Sandboxmode!
Unfortunately, Outlook 2010 can not be set as a mailto: protocol handler within Win8 if it is virtualized.
All previous hotfixes are included, apart from App-V 4.6 SP1 HF7 (http://social.technet.microsoft.com/Forums/en-US/appvclients/thread/3e571e1f-7273-460e-98a5-dc107f0f42d6)
http://support.microsoft.com/kb/2738315
release notes;
http://technet.microsoft.com/library/jj729866.aspx
Nicke Källén | The Knack| Twitter: @Znackattack
- Edited by znack Wednesday, November 7, 2012 3:52 PM
SharePoint 2010 Single Sign-On with the CA Site Minder Agent
Hi,
I am using the CA Site Minder agent with my SharePoint 2010 for Single Sign-On, and all the configurations are done perfectly according to the booklet given by the CA Site Minder agent.
The problem is I am able to create the web application (Claims based) and even create the site collection by selecting the Trusted Identity Provider that was created for the claims from the Site Minder agent. It's getting created, and now the issue is that whenever I browse the created site collection it throws an error. It's a generic "Internal (500) server error".
So please guide me where i need to check to solve this issue.
Reply:
Hi,
What Port did you create the Web Application? There may be some firewall restrictions on that port.
Regards
Ranga
Regards Ranga www.sharepointfrontier.com
------------------------------------
Reply:
The port number I am using is 80 and there are no firewall restrictions on that port...
- Edited by sabbithi.sunny Wednesday, November 7, 2012 3:35 PM
------------------------------------
App-V 4.6 SP1 Hotfix 8
As of today (translated by google);
Starting today, you can request HF8 for App-V 4.6 SP1 from Microsoft Support.
As usual, all previous hotfixes are included. This hotfix fixes the problem with
Adobe Reader X, which I have described here:
http://blogs.msdn.com/b/sgern/archive/2012/09/14/10349456.aspx
Each package that contains Adobe Reader, or starts it in the bubble, needs to
include the following OSD tags in addition to the fix:
<VIRTUAL_FILE_SYSTEM_PASS_THROUGH>TRUE</VIRTUAL_FILE_SYSTEM_PASS_THROUGH>
<VIRTUAL_REGISTRY_PASS_THROUGH>TRUE</VIRTUAL_REGISTRY_PASS_THROUGH>
<ENFORCE_ACLS_ON_VREG_MODIFY>TRUE</ENFORCE_ACLS_ON_VREG_MODIFY>
This way, Adobe Reader's Protected Mode can now be used as well.
If you want to start Adobe Reader with Protected Mode on the sequencer, set this
registry key before recording:
DWORD "EnableVFSPassthrough" in "HKLM\Software\Microsoft\SoftGrid\4.5\SystemGuard\overrides".
Set this to 1.
In addition to the client fix, this hotfix also contains a new sequencer; there was a problem with the copyright information.
The KB number will be 2761558
There is a fix for the 4.6 SP1 client and a complete sequencer
Best wishes especially to Nicke Kallen :)
Sebastian Gernert - Escalation Engineer App-V
http://blogs.msdn.com/b/sgern/archive/2012/10/12/10359028.aspx
Nicke Källén | The Knack| Twitter: @Znackattack
- Edited by Aaron.ParkerModerator Friday, October 12, 2012 9:41 AM Updated with clearer translation
Reply:
Hello,
Now public;
http://support.microsoft.com/kb/2761558
App-V 4.6 SP2 is public, which now also includes this fix
Nicke Källén | The Knack| Twitter: @Znackattack
------------------------------------
Virtual Machine for Old Progs
I was advised by MS to put this in the Tech Forum.
I got Win 7 HPE 64-bit with this pc and bought the same with 32-bit for my other pc [when trying to clean up XP Prof (came already embedded on the pc) with the copied Sys Disk, a lot of stuff got zapped! That's why I had to find the C-Note-and-some to buy 7]. Anyway, I couldn't afford to upgrade to 7 Ult or Prof to use Microsoft's virtual XP for my old COREL, so I searched for a freebie virtual. SUN's is OK, but moving files from one environment to the other is difficult. I got the VMWare Player [again, one must buy the u/g to use all the usbs], and this works very well with a little manipulation to get over the restrictions.
The CD/DVD ROM is accessible, as are the mouse and kbd, and the flash drives can now be enabled on the vm by disabling them from the host machine. The worst problem was printing. Obviously, neither of the usb printers could be used; though I installed the necessary HP software on the VM. I tried virtual printer software, which is supposed to emulate LPT1 or Serial Port [which is supported], but I couldn't get beyond "yes, it's gone to the printer" stage - it hadn't. Some of you, as I've discovered from various forums, can't get PRINT TO FILE working on these newer versions of WINDOWS as in DOS days. I tried all the "Copy... " formulae from the experts, but it didn't do anything (does someone have the magic word?) except argue that the file didn't exist - probably because Command Prompt couldn't read the instruction. On one obscure help page, recently, there was advice that PTF wouldn't work, anyway, in 7.
So, more surfing produced a freebie PRINT TO FILE package called FROGMORE RAW PRINT. I just check the PTF option in COREL using either the Laser or DeskJet s/w, use copy/paste or drag-and-drop to move the .PRN file to FROGMORE RAW PRINT in the Host environment, and it's done.
It probably seems like swingeing to exist, computer-wise, on freebie s/w. But £400 is a lot to pay for new graphics suites. The only freebie to come close for imaging is IRFANVIEW. And then, it doesn't have all COREL's features and nuances. Also, I still employ the MS OFFICE suite I bought for Win 95 to prepare text documents. I can't print out of it but I got a basic Word 2010 - can't get used to it - with this computer and it will print anything old version. There are, also, several good free office packages that will fill the document production gap.
I hear XP will no longer be supported by MICROSOFT after 2014...
Older
Reply:
You are correct in the assumption that Windows XP will not be supported. That date is firm and will not change. April 8, 2014 – as per the reference here: http://www.microsoft.com/en-us/windows/endofsupport.aspx
Steve Thomas, Senior Consultant, Microsoft
App-V/MED-V/SCVMM/Server App-V/MDOP/AppCompat
http://blogs.technet.com/gladiatormsft/
The App-V Team blog: http://blogs.technet.com/appv/
The MED-V Team Blog: http://blogs.technet.com/medv
The SCVMM Team blog: http://blogs.technet.com/scvmm/
"This posting is provided "AS IS" with no warranties, and confers no rights. User assumes all risks."
------------------------------------
Internet not connecting on virtual machine
Hi all!!
Please can anyone tell me how to connect to the internet on a virtual machine? My host PC is connected with WiFi and I have installed VMware 2.0.
Thanks in advance.
------------------------------------
SP1 ctp2 vmm (from vhd) to vsphere 5.1
Yes, I know it's not supported.... but using the canned vsphere appliance hosted on an ESXi5.1...
if you connect vsphere 5.1 to the domain (which requires various fiddles in its own right, to work against a windows 2012 server domain/dns) the vmm manager can eventually connect to the API of vsphere.
Only domain credentials work in the RunAs account, i.e. you must in vsphere have created a domain account with admin privilege set.
I was once able to add the ESXi (enumerated by vsphere) to the host groups. But, no VMs were enumerated. This was despite the ESXi in question hosting the vsphere vm itself (and some others).
Things crashed and burned (badly) before I ever got the chance to try creating a VM.
It's quite to get the various systems mutually confused. Once vsphere lost its binding to an ESX (requiring a reconnect using vsphere commands), VMM could no longer see the ESX (via the vsphere API bridge). There seemed lots to go wrong, and induce hair pulling - as systems never designed to properly work together do a half job.
------------------------------------
Microsoft JScript runtime error: '%button_name%_Click' is undefined
Hi,
I am trying to run this demo code which is a SharePoint Application adding all site collections
and web sites in a farm to Drop-Down lists.
While running this code in 'Debug' mode I am getting this error message:
"Microsoft JScript runtime error: 'btnClick_Click' is undefined". I am running IE 9(BUILD:9.08112.16421)
I have checked the HTML code automatically generated by SharePoint for my aspx page and I can see that
this button is correctly defined:
<input type="submit" name="ctl00$PlaceHolderMain$btnClick" value="Create List" onclick="btnClick_Click;" id="ctl00_PlaceHolderMain_btnClick" />
I must add that this error is only generated after I click on my submit button(btnClick). No error is raised
in VS(2010) only in the browser. Suggestions anyone?
Button_Click event CODE:
public void btnClick_Click(object sender, EventArgs e)
{
    // Open the site collection and web site selected in the drop-down lists.
    using (SPSite site = new SPSite(cboSiteCollections.SelectedItem.ToString()))
    {
        SPWebCollection webs = site.AllWebs;
        using (SPWeb web = webs[cboWebs.SelectedValue])
        {
            // Look for an existing list with the requested title.
            SPList list = null;
            foreach (SPList currentList in web.Lists)
            {
                if (currentList.Title == txtListName.Text)
                {
                    list = currentList;
                    break;
                }
            }
            // Create the list only if it does not exist yet.
            if (list == null)
            {
                Guid listID = web.Lists.Add(txtListName.Text, "List created by server om",
                    SPListTemplateType.Links);
                list = web.Lists[listID];
                list.OnQuickLaunch = true;
                list.Update();
            }
        }
    }
}
Cheers,
Reply:
Thanks,
Sohel Rana
http://ranaictiu-technicalblog.blogspot.com
------------------------------------
Migrate UM Server
Hello,
I need to move an Exchange 2007 UM role to a new Exchange server with a different name and IP Address from the current Server. So it's not moving the server to new hardware with the same name (http://technet.microsoft.com/en-us/library/bb332344(v=exchg.80).aspx). We have OCS 2007 R2 in the mix too with a mediation server.
I updated the associated dial plan for the new server and added a trusted SSL cert. to the new Exchange UM server. But when we shut down the old server, the voicemail still tries to link to the old server.
Thanks in advance for your assistance.
-Larry
Reply:
Hello,
During our initial test move, I switched the UM Associated dial plans and Voicemails were not getting saved. Exchange is slightly different. Exchange 2007 SP1 on the old server that cannot be upgraded due to MSI Installer/system corruption issues and Exchange 2007 SP3 on the new.
I came across these steps for Exchange 2010.
1. Install the new UM Server: Done
2. Import any (non-default) audio prompts you might have: There are none
3. Add your dialplan to the new UM Server: Done
4. Run the exchucutil.ps1 PowerShell script on the Exchange server: Necessary?
5. Run the ocsumutil.exe tool on the Lync server: Necessary?
6. Ensure SSL certificate on the UM Server: Done
7. Uninstall old Exchange 2007 UM Server
Thanks in advance,
Larry
------------------------------------
Reply:
Your steps 4 & 5 are for if you have Lync or OCS integrated with your UM.
Are you using 1 UM Dial Plan? If not then the mailboxes will have to be associated with the UM Dial Plan the new UM server is answering for (by way of UM Mailbox Policy assignment).
------------------------------------
Reply:
Thanks for the response Eric.
So do we need to run the two scripts/programs for a new Exchange UM server with OCS integration still? Seems like it is for only new installs. So do I need to rerun those commands for the new UM Server?
There is only one Dial Plan so nothing needs to be changed for each of the couple hundred mailboxes?
Larry
------------------------------------
Reply:
If it is the same UM Dial Plan, then no you should not need to do those scripts for OCS/Lync integration (if my memory serves me). Make sure to disable the old UM server from within Exchange so it does not attempt to answer calls as well as it doesn't attempt to make outbound calls from requests (play to phone, etc).
Nothing should need to change for the mailboxes, only the integration from something other than Lync/OCS. If you are using a SIP gateway or a PBX connecting directly to UM then those would need to be pointed to the new UM server.
------------------------------------
Reply:
I wanted to report on the resolution as it's a weird issue Microsoft really hadn't seen. The dialing plan rule had no * defined for number mask for dialed number or dialing restrictions. So once we added that, the new server was able to take over for the retired server. Basically the dial plan wasn't fully set up correctly but was working nonetheless on the older server.
Thanks for your help Eric!
Larry
------------------------------------
