APP-V or Server APP-V ? That’s the question…

You needn’t  to be a virtualization Guru to understand the difference between APP-V and Server APP-V. In fact, you have only to be a good man which pay attention to his friends and family to understand that !

Ok, it’s quite easy, let see:

First scenario

You have a critical application in your company which is compatible with windows XP. The desktop team plan to upgrade to Windows 7. Unfortunately, the application is not compatible with Windows 7 and you haven’t any updates, patches or new release to make the application operational in Windows 7. So, what can be done?

Solution

The desktop team can use application virtualization. In fact, Microsoft have a product named “MDOP: Microsoft Desktop Optimization Pack” which include APP-V. So, the desktop team will sequence that application and generate a package that can be deployed via SCCM “System Center Configuration Manager” or be streamed via an APP-V stream server. So, that Windows 7 client can use and manipulate that application in their environment.

Second scenario

You plan to create service template that include some applications. You want to integrate that applications but they need to be installed in the virtual machine. What’s the easy way to do that without changing the application configurations or without doing some hard coded scripts?

Solution

Server Application Virtualization is functionality that packages server applications into xcopyable images, which can then be easily and efficiently started and deployed without an installation process. This can all be accomplished without requiring changes to the application code. This virtualization process also separates the application and its associated state from the operating system thereby providing new approaches to deployment and management.

And “Voila”, it’s clear now, in the future I will publish some guides to helps technicians to use APP-V and Server APP-V.

Trick: Switch between Server Core and Full Installation in Windows 2012

 

You know that’s impossible in Windows 2008R2 to switch between Server Core and a Full installation. Besides, in Windows 2012 that’s possible. So, if you have a Server Core mode and you want to switch to Full installation you have only to use one of this methods:

• Use Sconfig.cmd
• Powershell:

Import-Module ServerManager

Install-WindowsFeature –IncludeAllSubFeature User-Interfaces-Infra –Source c:\mount

Now, if you have a Full installation of Windows 2012 and you want to switch to a Server Core Mode, you can do the following tasks:

• Remove the “Graphical Management Tools and Infrastructure” feature
• Remove the “Graphical Shell” feature

“Missing drivers error” when you install Windows Server 2012

You may receive “Missing drivers” error when you try to install Windows 2012 in a physical machine using DVD.

Solution:

- The windows 2012 ISO file you downloaded may be corrupted

- Try to burn your Windows 2012 Media using at maximum 4x as a speed

 

Good luck

[ERROR] Database is mandatory on UserMailbox. Property Name: Database

When you try to apply SP1 or SP2 on Exchange 2010 Server, you may receive the error stating that “Database is mandatory on UserMailbox. Property Name: Database.” in the Exchange setup log.

This error is caused by some information that missed in “System Mailbox”. In our case, “System mailbox” aren’t affected to a specific database. There are two solutions:

First Workaround:

1- Delete system mailbox from Active Directory using ADSI tools

• Click Start, click Run, type adsiedit.msc, and then click OK.
• Locate the Default Naming Context node, and then locate to the CN=Users container.

Locate:

• "DiscoverySearchMailbox {D919BA05-46A6-415f-80AD-7E09334BB852}"
• “System mailbox”
• Delete them

2- Run Setup.com /prepareAD, then, System mailboxes will be created

3- SP2 installation will be finish succesfully

Second Workaround:

1- Locate system mailboxes in AD with ADSI

2- Change HomeDB parameter, and affect mailboxes to an existing database

3- Rerun SP2 setup, it will finish succesfully

Exchange 2013 Preview released

A nice surprise from MS, they revealed the Exchange edition called : Exchange 2013 Preview.

In order to download it refer to this link: http://technet.microsoft.com/en-us/library/bb124558(v=exchg.150)

Good luck

Fine Grained Password Policy in Windows 2012 RC

 

No need to ADSI or LDIFDE Tools to configure the “Fine Grained Password Policy” in windows 2012 RC. All it’s done by GUI “Graphical User Interface”. It’s pretty simple and cool. As Microsoft Certified Trainer, my students found many difficulties when configuring PSO with the ADSI Tool.

1. The first step: “ Active Directory Administrative Center”

Remember, with windows 2008, we find the PSO object already created in a special container called “Password Setting Container”, under the “System” Container. So let’s go there…

2. Create the PSO object

Double click the container called “Password Setting Policy”, then, let’s do a right click…. Amazing, we can create the PSO object here. So simple…

3. A pretty cool GUI

This is the GUI to create a PSO object, I created “My first PSO Object” as you see in the following picture, the GUI is divided into two parts, the first one for the configuration purpose and the second to apply the created PSO to a user or group.

Best regards.

Active Directory Recycle Bin In Windows 2012 RC

 

With Active Directory in Windows 2008 R2, configuring AD Recycle Bin request doing some pretty tasks with Powershell to activate this new feature and some others tasks to restore object. With Windows 2012 RC, such tasks become so simple relying to the GUI. You will find here, step by step in order to activate the recycle bin and for restoring an object with graphical user interface.

1. Activate the “Active Directory Recycle Bin”

You have to open “Active Directory Administrative Center”, Don’t forget, you must have at least a forest functional level equal or greater than “Windows 2008 R2”. Then click the option in the red square. (See the following picture)

2. The famous container “Deleted Object”

After activating the “ADRB”, refresh the screen, you will see a new container called “Deleted Object”, double click it.

3. Restoring an Object

Now, restoring a deleted object is pretty cool, you have only to make a right click, then you have a list of choice. (See the following picture)

 

Thanks Microsoft

Error When Installing the SP1 for Exchange 2010

After you install the SP1 for Exchange 2010, you try to open the Exchange PowerShell, you receive this error:

La chaîne commençant par :
Au niveau de ligne : 1 Caractère : 5
+ « . <<<< 'C:\Program Files\Microsoft\Exchange Server\V14\\bin\RemoteExchange.ps1´; Connect-ExchangeServer -auto »
n'a pas de terminateur : '.
Au niveau de ligne : 1 Caractère : 109
+ « . 'C:\Program Files\Microsoft\Exchange Server\V14\\bin\RemoteExchange.ps1´; Connect-ExchangeServer -auto » <<<<
+ CategoryInfo : ParserError: (C:\Program File...eServer -auto »:String) [], ParentContainsErrorRecordExc
eption
+ FullyQualifiedErrorId : TerminatorExpectedAtEndOfString

To troubleshoot this issue, proceed by:

-  Open the command prompt and execute the following command line:

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe -noexit -command ". 'C:\Program Files\Microsoft\Exchange Server\V14\bin\RemoteExchange.ps1'; Connect-ExchangeServer <var><target server></var>"

where <target server> is the name of your Exchange server.

If this command line doesn’t function do the following:

- Install the Rollup Update 4 for Exchange 2010 SP1

Good luck

Exchange 2010 SP2 Update Rollup 1 released

Microsoft released the Update Rollup 1 for Exchange 2010 SP2. For more information about the description of this RU1, you can visit this link .

To download RU1 For Exchange 2010 SP2.

Best Regards.

How to integrate AD RMS with Exchange 2010 SP2(Part 3)

In this third part, we will configure AD RMS and Exchange 2010 server to communicate with each others. Let see how to do that:

1- This is the console of AD RMS. You can open it by accessing the administrative tools.

2- You have in this step to grant at least read and execute permission to “Exchange servers group” and the RMS service account in the “servercertification.asmx” file. You will find this file under “C:\inetpub\wwwroot\_wmcs\certification”

3- In the AD RMS console, enable the super user and specify a security distribution group that have an email address that match his name

4- In Exchange server, run the PowerShell. After that, type the following Cmdlet. Test-IRMConfiguration –Sender administrator@contoso.local

You will find only some warning with the last test. If you have have any other other errors or warning in the steps before, you have to troubleshoot them.

5- Now, we have to enable IRM for internal recipients by running the following PowerShell Cmdlet: Set-IRMConfiguration –InternalLicensingEnabled $True

6- To verify if IRM is enabled with OWA, we have to make a test with this PowerShell Cmdlet: Get-OWAVirtualDirectory |FL *RM*

All is OK. Exchange 2010 SP2 and AD RMS interact correctly with each others. In the next part, we will deploy a policy and use it with an Outlook 2010 user.

How to integrate AD RMS with Exchange 2010 SP2(Part 2)

In the part 1, we spoke about IRM. Now we will focus on the deployment process. First of all, we begin with AD RMS:

1- Add the“AD RMS” role

2- AD RMS rely on database to store its configuration, you have to choose between the Microsoft internal database or a remote SQL server instance.

3-  Specify the service account, if AD RMS is also a domain controller “Not recommended”, you have to add the account to the “domain admins group”

4- Specify the location of the AD RMS cluster key

5- Specify a strong password for the AD RMS cluster key

6- Select the website in IIS where you want to store the virtual directory of the certification

7- Specify the AD RMS cluster address, you have to specify the FQDN and don’t forget to validate it. If the name you specified is different from the server name hosting the AD RMS, you have to add a CNAME record in DNS. In fact, client will request for license from that URL.

8- Choose the certificate. This step is so important, because the certificate must contain the name provided in the previous step. In my scenario I used a self signed certificate

9- Specify the licensor certificate name

10- You have now to register the Service Connection Point (SCP) of AD RMS in Active Directory

11- Now, install

We have finished the installation of AD RMS. In the next part of this article, we will configure AD RMS and Exchange 2010 to communicate with each others.

ADRMS: The remote certificate is invalid according to the validation procedure

Trying to put in place IRM functionality to cooperate with Exchange 2010, I have to install AD RMS and test the IRM configuration with the Exchange PowerShell. Moreover, I encountered the following error:

When I added the ADRMS role, I have chosen a self signed certificate. After that, I took a look at the IIS, I found my certificate bind with the “Default Web site”. I tried this ADRMS URL, “https://dc.contoso.local/_wmcs/licensing/server.asmx” , and I got a certificate error. I guessed then that my certificate must be in the container of my “Trusted root certification authorities” and the problem is solved.

Good luck

How to integrate AD RMS with Exchange 2010 SP2(Part 1)

Exchange 2010 provides some kind of security features like TLS in order to secure the communication in a network by a mean of encryption and Email encryption by using the S/MIME to encrypt the messages.

Unfortunately, the traditional features have some limitations. Besides, the company deals with critical data that may contain business information or financial reports… And users rely on their Mailboxes to send this data to each other. So, Exchange server provide a new feature known as IRM.

What’s IRM?

Information Right Management “IRM”, apply persistent protection  to messages and attachments ( MS office or enabled IRM applications) in Exchange server. With IRM you can :

• User can’t forward, modify, print, fax, save, or cut and paste the content of a message or an attachment.
• User can’t view an IRM protected message or attachment after a specified period.
• User can’t use a windows snipping tool to copy the content of an IRM protected message.

With IRM you can’t:

• Prevent users from using a third party tools to capture screen
• Prevent users from using imaging devices to photograph an IRM protected message.
• Prevent users from remembering and then typing the content of an IRM protected message.

IRM rely on Active Directory Right Management Server, a role in windows server 2008. In the next article, we will begin the deployment of IRM and we will start by implementing AD RMS.