Tuesday, August 9, 2011

Escape from Expensive Licensing: RemoteApp

Nowadays, the per-user license cost of some applications is too high. Of course we cannot avoid this entirely, but it can be reduced to an extent by using RemoteApp. RemoteApp is not the first technology of its kind; the same could previously be done with Citrix.

For example, a common internal application that has a per-user license can be published in RemoteApp and in turn used by n users.

But high-end applications cover this loophole: their licensing terms include virtualization terms and also block the option of publishing over terminal sessions. As long as the application allows us to work smoothly in RemoteApp, there is no harm in using it. This can save some serious money for your organization.



Directory Partitions in Active Directory:

We will discuss the directory partitions in Active Directory and the purpose they serve in a Windows domain environment. The Active Directory database is logically separated into directory partitions:
Schema partition
Configuration partition
Domain partition
Application partition
Each partition is a unit of replication, and each partition has its own replication topology. Replication occurs between replicas of a directory partition. At least two directory partitions are common to all domain controllers in the same forest: the schema and configuration partitions. In addition, all domain controllers in the same domain share a common domain partition.
Schema Partition
1. Only one schema partition exists per forest.
2. The schema partition is stored on all domain controllers in a forest.
3. The schema partition contains definitions of all objects and attributes that you can create in the directory, and the rules for creating and manipulating them.
4. Schema information is replicated to all domain controllers in the forest.
Configuration Partition
1. There is only one configuration partition per forest.
2. It is stored on all domain controllers in a forest.
3. The configuration partition contains information about the forest-wide Active Directory structure including what domains and sites exist, which domain controllers exist in each forest, and which services are available.
4. Configuration information is replicated to all domain controllers in a forest.
Domain Partition
1. Many domain partitions can exist per forest.
2. Domain partitions are stored on each domain controller in a given domain.
3. A domain partition contains information about users, groups, computers and organizational units.
4. The domain partition is replicated to all domain controllers of that domain. All objects in every domain partition in a forest are stored in the global catalog with only a subset of their attribute values.
Application Partition
1. Application partitions store information about applications in Active Directory.
2. Each application determines how it stores, categorizes, and uses application-specific information. To prevent unnecessary replication of specific application partitions, you can designate which domain controllers in a forest host specific application partitions. Unlike a domain partition, an application partition cannot store security principal objects, such as user accounts. In addition, the data in an application partition is not stored in the global catalog.
As an example of application partition, if you use a Domain Name System (DNS) that is integrated with Active Directory you have two application partitions for DNS zones -- ForestDNSZones and DomainDNSZones:
ForestDNSZones is part of a forest. All domain controllers and DNS servers in a forest receive a replica of this partition. A forest-wide application partition stores the forest zone data.
DomainDNSZones is unique for each domain. All domain controllers that are DNS servers in that domain receive a replica of this partition. The application partitions store the domain DNS zone in the DomainDNSZones.
Each domain has a DomainDNSZones partition, but there is only one ForestDNSZones partition. No DNS data is replicated to the global catalog server.
Below are some useful NTDSUTIL commands related to application partitions.

Creating and deleting application directory partitions,
#CREATE NC dc=application,dc=example,dc=com server.example.com
#CREATE NC dc=application,dc=example,dc=com null
#DELETE NC dc=application,dc=example,dc=com

Creating and deleting replicas,
#ADD NC REPLICA dc=application,dc=example,dc=com server2.example.com
#ADD NC REPLICA dc=application,dc=example,dc=com null
#REMOVE NC REPLICA dc=application,dc=example,dc=com server2.example.com
#REMOVE NC REPLICA dc=application,dc=example,dc=com null

Defining a replication schedule,
#SET NC REPLICATE NOTIFICATION DELAY dc=application,dc=example,dc=com 10 15

Displaying replica information,
#LIST NC REPLICAS dc=application,dc=example,dc=com
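
The four partition types described above can be read back from a live forest. The following is an added PowerShell example, not part of the original post: it assumes the ActiveDirectory module (RSAT) is available, and the systemFlags bit values come from Microsoft's Active Directory documentation rather than from this page.

```powershell
# Added example, not from the original post: classify every directory partition
# in the forest and show where application partition replicas are hosted.
Import-Module ActiveDirectory

# Bits of the systemFlags attribute on crossRef objects
$FLAG_CR_NTDS_NC                = 0x1   # partition is held by Active Directory
$FLAG_CR_NTDS_DOMAIN            = 0x2   # partition is a domain partition
$FLAG_CR_NTDS_NOT_GC_REPLICATED = 0x4   # not in the global catalog (application partition)

$root         = Get-ADRootDSE
$partitionsDn = "CN=Partitions,$($root.configurationNamingContext)"

# Every partition known to the forest has one crossRef object in this container
$crossRefs = Get-ADObject -SearchBase $partitionsDn -SearchScope OneLevel `
    -LDAPFilter '(objectClass=crossRef)' `
    -Properties nCName, systemFlags, dnsRoot, 'msDS-NC-Replica-Locations'

$report = foreach ($cr in $crossRefs) {
    $nc    = [string]$cr.nCName
    $flags = [int]$cr.systemFlags

    $type = if ($nc -eq $root.schemaNamingContext) { 'Schema' }
        elseif ($nc -eq $root.configurationNamingContext) { 'Configuration' }
        elseif ($flags -band $FLAG_CR_NTDS_DOMAIN) { 'Domain' }
        elseif ($flags -band $FLAG_CR_NTDS_NOT_GC_REPLICATED) { 'Application' }
        elseif (-not ($flags -band $FLAG_CR_NTDS_NC)) { 'External' }
        else { 'Unknown' }

    # Only application partitions list their replica hosts explicitly, as
    # NTDS Settings DNs: CN=NTDS Settings,CN=<server>,CN=Servers,CN=<site>,...
    $hosts = @($cr.'msDS-NC-Replica-Locations' | Where-Object { $_ } | ForEach-Object {
        ($_ -split ',')[1] -replace '^CN=', ''
    })

    $replicas = switch ($type) {
        'Schema'        { 'all DCs in the forest' }
        'Configuration' { 'all DCs in the forest' }
        'Domain'        { 'all DCs in the domain' }
        'Application'   { $hosts -join ', ' }
        default         { '' }
    }

    [pscustomobject]@{
        Type      = $type
        Partition = $nc
        DnsRoot   = ($cr.dnsRoot -join ', ')
        Replicas  = $replicas
    }
}

$report | Sort-Object Type, Partition | Format-Table -AutoSize
```

On a forest with AD-integrated DNS, the ForestDnsZones and DomainDnsZones partitions appear with type Application, and the Replicas column shows the same hosts that LIST NC REPLICAS reports for them.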



Organizations are only as good as the system they currently use. This system encompasses all processes ranging from human capital down to the various aspects of operations such as production, quality assurance and even disaster preparedness. In this regard, an organization can only survive if it employs certain strategies that will make it live longer. Two of these strategies are the BCP and the DR. These two strategies or disciplines are related because both of them help protect the organization from being disrupted by any untoward variables, whether internal or external in nature.

BCP stands for Business Continuity Planning. The term is easy to define because it already says what it is all about: continuity of the business. It is simply the state of being ready for any unforeseen incident that can disrupt the day-to-day process or operation of businesses and organizations alike. Hence, it is a good management strategy wherein the organization is ensured that it can always maintain its standards and service levels even if there are some challenges that come its way.

In addition, BCP is a preventive and proactive strategy of ensuring business continuity. It therefore helps in lessening the probable damage that could have resulted if there were no safety preparations employed prior to the incident.

On the other hand, DR or Disaster Recovery is, as the name says, recovering from a disaster. It is the strategy of intelligent recuperation from a negative incident of any magnitude. Thus, DR is simply a reactive approach. It is more of a treatment given to a disease rather than a preventive measure. Nowadays, the trend or focus for both BCP and DR is on the IT or information technology of the organization. With major operations being mostly shouldered by computer applications and automated programs, these businesses prioritize saving or healing their IT system above all else. No organization wants to be offline or without power for an extended period.

All in all, Disaster Recovery or DR is, without a doubt, not the same as BCP because:

1. BCP stands for Business Continuity Planning whereas DR is Disaster Recovery.
2. BCP is a proactive strategy whereas DR is a reactive approach.
3. BCP helps prevent and anticipates a disaster or unfavorable incident in advance whereas DR is a strategy that treats or recovers from disasters and the like.

Hope the above is informative.


Saturday, June 25, 2011

JBOD vs RAID : Storage

With the introduction of DAG in Exchange 2010, there are more flexible options for the cost of storage disks. The below blog explains the pros and cons of using JBOD vs RAID storage.

Adding to that, the below is the basic difference between JBOD and RAID disks.

Hope the above is informative.



Thursday, June 16, 2011

Kaspersky 8 Update Availability – forefront SP2 Rollup

Below is some information for Exchange administrators on upgrading to Forefront SP2 rollup3 to get the Kaspersky engine 8 update.

1. The upgrade is a straightforward process. Don’t panic if, after the upgrade, the engine folder name and the GUI management console still show kaspersky5 even though the engine is Kaspersky 8. As per Microsoft “The Kaspersky engine's names incorporates the version number '5'. Even after installing this hotfix rollup, the engine name for Kaspersky will still be "Kaspersky5" in both logs and within the Forefront Administrator client. This is purely a cosmetic issue and does not affect functionality.” So it’s fine.

2. The new engine updates are considerably bigger than the old engines, so the default scan engine update timeout needs to be increased on the server through regedit. Also, incremental engine downloads are not available with rollup2, whereas rollup3 does have incremental engine updates.

HKLM\SOFTWARE\Wow6432Node\Microsoft\Forefront Server Security\Exchange Server
• Open Regedit
• Navigate to the following key:
HKLM\SOFTWARE\Wow6432Node\Microsoft\Forefront Server Security\Exchange Server
• Click New DWORD Value
• Type EngineDownloadTimeout, and then press ENTER
• Right-click the new value and select Modify
• Select Decimal as the base, enter 600 in the Value data box, and then click OK. This setting causes the scan engine download process to time out after 600 seconds (10 minutes, instead of 5 minutes)
• Exit Regedit

3. On a cluster, make sure LocalEngineMapping.cab has been copied to the shared resource location; otherwise the engine update will fail on the clustered mailbox servers. For other roles, the file is updated automatically in the correct installation folder.

As mentioned in the Microsoft site,

To install the hotfix rollup on a SCC cluster, choose one of the following methods:
Method 1
To install this particular hotfix on a SCC cluster, you should perform upgrades on all active nodes first. Setup will prompt you to allow it to take resources offline and bring them back online automatically. Check that all resources are online, and that all Forefront and Exchange services have been started afterwards. You should manually bring resources online / start services, if necessary. Once you have upgraded the active nodes, do not failover. Finally, upgrade each passive node in turn.
Installing on all active nodes first means that Forefront will be able to access the DatabasePath location, where it needs to copy a file to (LocalEngineMapping.cab).

Method 2
If you prefer not to upgrade on active nodes, you may perform a “rolling upgrade” where you install on each node only when it is in a passive state. This involves performing a series of failovers, so that each node has a chance to become passive. Once all nodes have been upgraded, you must copy LocalEngineMapping.cab from each active node’s local installation to the shared disk folder for the CMS. Forefront needs this file in the following shared disk location, in order to be able to upgrade the Kaspersky engine to version 8.
Copy LocalEngineMapping.cab from each active node’s local installation (source) to its shared disk folder (target):
Source location: \Program Files (x86)\Microsoft Forefront Security\Exchange Server
Target location: \ForefrontCluster\Engines\
a. There is no need to restart any services or failover the cluster after you have copied LocalEngineMapping.cab to the shared disk folder.
b. If you do not copy LocalEngineMapping.cab to the shared disk folder, Forefront will continue to try to update version 5 of the Kaspersky engine (which will be retired by Microsoft after 31st January 2011).

4. After the upgrade, if the old obsolete engines are still showing, try renaming scandisk.fdb and template.fdb (after stopping the Forefront services). On restart, the services rebuild the two files, so only the latest working engines are listed.

5. In case of any engine update failure, check ProgramLog.txt, which captures the complete engine update events with timestamps and neat descriptions.
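
The registry change from item 2 and the LocalEngineMapping.cab check from item 3 can be scripted. This is an added PowerShell example, not from the original post or from Microsoft; the two folder parameters are values you supply, since the post gives the source and target locations without a drive, and the -CopyIfNeeded switch is a name chosen for this example.

```powershell
# Added example, not from the original post. Run elevated on the active node,
# which is the node that can reach the shared disk folder.
param(
    [Parameter(Mandatory = $true)][string]$InstallDir,        # local Forefront folder (Source location)
    [Parameter(Mandatory = $true)][string]$SharedEnginesDir,  # shared ForefrontCluster\Engines folder (Target location)
    [int]$TimeoutSeconds = 600,                                # value from item 2
    [switch]$CopyIfNeeded                                      # copy the cab instead of only reporting
)

$key  = 'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Forefront Server Security\Exchange Server'
$name = 'EngineDownloadTimeout'

# SHA-256 through .NET so the script also runs on older PowerShell versions
function Get-Sha256([string]$Path) {
    $sha    = [System.Security.Cryptography.SHA256]::Create()
    $stream = [System.IO.File]::OpenRead($Path)
    try     { [System.BitConverter]::ToString($sha.ComputeHash($stream)) }
    finally { $stream.Close() }
}

# --- Item 2: engine download timeout ---------------------------------------
if (-not (Test-Path -Path $key)) { throw "Forefront registry key not found: $key" }

$current = (Get-ItemProperty -Path $key -Name $name -ErrorAction SilentlyContinue).$name
if ($current -eq $TimeoutSeconds) {
    Write-Output "$name is already $TimeoutSeconds seconds"
} else {
    # -Force overwrites an existing value; the DWORD is stored as a number, so the
    # decimal/hex choice in Regedit does not apply here
    New-ItemProperty -Path $key -Name $name -PropertyType DWord `
        -Value $TimeoutSeconds -Force | Out-Null
    Write-Output "$name changed from '$current' to $TimeoutSeconds seconds"
}

# --- Item 3: LocalEngineMapping.cab on the shared disk ----------------------
$cab    = 'LocalEngineMapping.cab'
$source = Join-Path $InstallDir $cab
$target = Join-Path $SharedEnginesDir $cab

if (-not (Test-Path -LiteralPath $source)) { throw "Source file missing: $source" }

# In sync only when the target exists and has the same content as the local copy
$inSync = (Test-Path -LiteralPath $target) -and
          ((Get-Sha256 $source) -eq (Get-Sha256 $target))

if ($inSync) {
    Write-Output "$cab on the shared disk matches the local copy"
} elseif ($CopyIfNeeded) {
    Copy-Item -LiteralPath $source -Destination $target -Force
    Write-Output "$cab copied to $target"
} else {
    Write-Warning "$cab is missing or differs at $target; the engine update will fail until it is copied"
}
```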

Hope the information is useful.


Wednesday, June 15, 2011

BB device troubleshooting - client side

Below is the basic first-level troubleshooting that needs to be done on the BB device (client side).

1. Check the signal strength.

2. Checking the wireless network connection setting
If the signal is good, there is no need to check the wireless network connection setting, but when the signal is down make sure the wireless network options are set. Check in Menu --> Options --> Mobile network options --> Make sure data services is on (mobile network and network selection mode is set appropriately)

3. Check that the device has a PIN number. Under Device --> option --> status you will find the 8 digit alphanumeric PIN number. If you don’t find the PIN number, try to register the device by going to Device --> option --> advanced options --> Host routing table --> press the menu key and choose register. This will register your device with BB RIM and a new unique PIN number will be generated. If you still have an issue getting the PIN number, then the problem is with the device and it needs to be checked with the vendor.

4. You can check the mail flow by sending from the BB device itself to the same connected user account, or you can send a test PIN message to the same device account.

5. If you're having mail or messaging issues, or any other BlackBerry performance problems, you should resend your device's service books.

6. We can use the BlackBerry device manager for synchronizing the BB device with the server, i.e., the Outlook email client.

If the above are fine, then troubleshooting needs to be done on the BES server side: BESAdmin account permissions, mailbox quota check, BB device last contact time, BB detailed event logs and so on. I will probably write an article on that front in the near future.

Hope the above information is useful.


BlackBerry OS Installation/Upgrade:

This article explains the OS installation/upgrade of BlackBerry smartphones.

1. Connect the device, take a complete backup of the BB device using the BlackBerry Desktop Manager, and check the backup data for entries of contacts, messages, etc.
2. Disconnect the device.
3. Download the BlackBerry device OS (exe file) from the BlackBerry website for the appropriate model, and also choose the appropriate provider.
4. Run the downloaded exe file; by default it extracts the files to C:\Program Files\Common Files\Research In Motion\Shared\Loader Files.
For example: it creates the folder 8300-v4.5.0.174_P2.7.0.105 for the 8300 BB device.
5. Select the application loader option in BlackBerry Desktop Manager and choose update software | click start.
6. Connect the device; it should be detected and the device model will be shown in the drop-down menu.
7. It checks the device and gives the list of applications and language settings before starting the installation; leave the default values and choose next.
8. The process takes around 30-60 minutes to complete. During the course of installation, it also takes a backup and restores it after the OS upgrade.
9. At the end of the successful installation, unplug the device and check for the latest version and data.

Make sure the BlackBerry device battery level and the computer power supply are good before starting the installation.


Monday, March 7, 2011

New features in the unified messaging of Exchange 2010

Hi Friends,

In this article, let’s see the new features in the unified messaging of Exchange 2010.

The following is a list of new Unified Messaging features that have been included in Exchange 2010:

  • Personal auto attendants (call answering rules)
  • Additional language support including in Outlook Voice Access and Voice Mail Preview
  • Enhancements to name lookup from caller ID
  • Voice Mail Preview
  • Message Waiting Indicator
  • Missed call and voice mail notifications using text messaging (SMS)
  • Protected Voice Mail
  • Built-in Unified Messaging administrative roles

For more information about the new Unified Messaging functionality and new voice mail features.

Functional Descriptions

Voice Mail Preview: Exchange Server 2010 will facilitate the cumbersome task of navigating through voice messages. With Exchange Server 2010 speech-to-text translation, the user can read the contents of the audio recording in the same fashion they would read an e-mail. Furthermore, if the resulting voice messages are opened using Microsoft Office Outlook 2010, the text of the voice mail preview will become "actionable". Recognized names, contacts, and phone numbers will all be identified with icons that the user can select to add contacts, call using Office Communicator, or send e-mail. To facilitate navigation of the audio, clicking in the text will cause the voice mail to jump to that word and continue playing.

Protected Voice Mail: Exchange Server 2010 solves the problem of unauthorized distribution of the messages by securing the message content, specifying the users who may access that content, and the operations that they may perform on it. It uses Active Directory Rights Management Services to apply Do Not Forward permissions to voice messages that are designated either by the sender (by marking the message as private) or by administrative policy. This prevents the forwarding of protected voice mails in a playable form to unauthorized persons, whatever the mail client used.

Message Waiting Indicator (MWI): Now with Unified Messaging, users are notified of the presence of new/unread voice mail by lighting the lamp and providing a count on their supported desk phone. Additionally, users can configure their text messaging notification account to receive the beginning content of the voice mail preview in the SMS.

Auto Attendant: Users are often looking for a person in an organization, but are unsure of the extension or exact phone information. Exchange Unified Messaging's Auto Attendant enables users to easily navigate to the person they are trying to reach when calling an organization with either the telephone keypad or speech inputs to navigate the menu structure, place a call to a user, or locate a user and then place a call to that user. An auto attendant gives you the ability to:

  1. Create a customizable set of menus for callers
  2. Define informational greetings, business hours greetings, non-business hours greetings, and holiday schedules
  3. Describe how to search the organization's directory and connect to a user's extension
  4. Enable external users to call the operator

Call Answering Rules: Unified Messaging enables users to have more control over their call flows. For a salesman, this could mean the difference between sending an important sales lead to his voice mail instead of finding him on his cell phone or home phone. Call Answering Rules present callers with custom greetings, Find-Me, and call transfer options, in addition to leaving a voice mail. Moreover, these rules can be preceded by conditions (such as caller-IDs, time-of-day and Exchange free/busy status), giving end-users greater control over how they can be reached over the phone.

Outlook Voice Access: Users now have control over their Inbox with Outlook Voice Access via a telephone keypad or voice inputs. This enables anywhere access to their mailbox when a user is away from a computer or Internet-connected device. Now users no longer have need to worry about being late for appointments or being disconnected when traveling, as they can instantly call into their mailbox to manage their calendar, contacts, and e-mail.

Enhanced Caller ID: Users can get more context and information about their callers with Enhanced Caller ID. Callers are often not a part of a user contact list or organization's directory. For these cases, Windows Live Search will be used to try and determine the calling party. If a match is found, the result will be placed on the calling line of the message to better inform the user where the call came from.

Language Support: More users can now listen to and interact with their e-mail and voice mail in their native language or dialect. Exchange Server 2010 offers a broad range of language support with support for 16 languages including three varieties of English, plus Mandarin, Cantonese, European and North American versions of Spanish and French, and several other European languages.



Tuesday, February 1, 2011

Exchange 2010: DAG Features

Hi friends,

It’s been a while since I wrote an article; I have been busy with office work. Let’s move on. This article explains what DAG is, its new features, and how it differs from the previous Exchange versions.

Database Availability Group is one of the most anticipated new features of Exchange 2010. Microsoft has invested more time in reviewing the high availability feature of the mailbox resources.

Reason for the DAG:

1. In a multisite CCR cluster solution, failures are more complex to handle, especially in site resilience scenarios.
2. Features like CCR, SCC and SCR in Exchange 2007 were not designed for site resilience in a multi-site environment.
3. Engineers had a hard time handling Windows cluster dependent issues during failovers in a multisite environment.
In conclusion, a simple and improved method for high availability is indeed a must in Exchange 2010.

Features removed from Exchange 2007:

1. No CMS or EVS concept or switches.
2. No storage groups.
3. No more limitation of having only the clustered mailbox server role without any other roles installed.
4. The Exchange database is no longer at the server level; it has moved to the organization level.
5. No need to choose between installing clustered or non-clustered mailbox servers at the start; this can be done after deploying the server role (call it an incremental deployment feature).
6. No LCR, SCC, SCR, CCR (though traces of the SCR and CCR patterns remain).

Features retained from Exchange 2007:

1. DAG uses the Enterprise edition, since it uses a limited part of Windows Failover Clustering.
2. The concept of seeding between storage group copies, with the queue length, replay time, etc., is retained in DAG as well.

New features of DAG:

1. They combined SCR + CCR and derived a framework for high availability called DAG, which will be used for all deployment scenarios: local, site or disaster cases.
2. Active Manager is the brain behind the switchovers/failovers. It is the replacement for Exres.dll (the Exchange cluster resource DLL) of Exchange 2007. There are two components of Active Manager: one called PAM (Primary Active Manager), which decides on the active or passive copies, and the other called SAM (Standby Active Manager), which detects the failure and informs the PAM to initiate the failover.
3. Incremental deployment, i.e., forming a cluster prior to installing Exchange 2010 is not necessary anymore.
4. The database has been moved from the server level to the organization level.
5. Limited dependency on Windows Failover Clustering: Exchange application related entities are no longer carried by the Windows cluster; instead you have a limited dependency on the cluster database, heartbeat and the file share witness.
6. Co-existence with other Exchange roles, whereas the Exchange 2007 clustered mailbox server does not work alongside any other server roles.
7. Switchovers/failovers are much quicker than in the past.
8. Backup-less: no need to have extensive backups or a backup strategy for mailbox DBs with more than 3 copies.
9. Support for DAG members in separate AD sites: members of a DAG can be in different AD sites, but of course should be in the same domain within the forest.
10. Change in log shipping: instead of SMB (Server Message Block) for shipping the log files, it uses the TCP protocol.
11. Availability of log file encryption and log file compression.
12. Public folder databases are not supported in DAG; instead they use the traditional public folder replication mechanisms.
13. Truncation lag time value in Exchange 2007 SCR has been changed from 7 days to 14 days in Exchange 2010 DAG.

Hope the above is informative.