VPN Client fails to enable virtual adapter in W8

If you have W8 and use VPN or AnyConnect client like me, you could face the following issue.

22- 10- 2013 20-35-3422- 10- 2013 20-35-59It could be known issue regarding to the registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\CVirtA as well as selected checkbox “Allow other network users to conned through this computers Internet connection” in my case due to Hyper-V Virtual Switch.

22- 10- 2013 20-50-29

Exchange 2013 / Exchange 2010, Windows Server 2012 – SChannel Event ID:36888 (1203) – TLS/SSL error – The root cause

I have problems in some environments, where these SChannel errors are generated. Well. It took me several days to find reasonable “why” it is logged.

Problem:

The event ID from the picture can be seen from time to time:

EventID-Error

Solution:

Based on several articles I have read and some discussions. First you have to make sure, that the process causing this error is LSASS.exe, which is by the way local security authentication server (authenticating users to winlogon service, using authentication such as msgina.dll and so on). To make sure it is LSASS.EXE. Open Event ID and check the Event ID details, Click on Details tab -> Expand System while friendly view is selected. Check Process ID.

EventID_Details

Then use powershell and run:

Get-Process | select name,id | sort id

Result should give you the name of the processes. It will be lsass.exe.

Why:

Reason is simple. Not standard or corrupted behavior of web browsers or users. The problem behind SChannel and Exchange 2012 is, that sometimes users use HTTP protocol, but on port 443, which expects certificates exchange rather than GET command.

How to test:

Option 1#:

Test is easy. For example you can input URL to your browser address bar, which is obviously wrong and see the results: HTTP://MAIL.DOMAIN.LOCAL:443/OWA – It says to use HTTP protocol (not HTTPS) on the 443 port and it generates errors immediately.

Option 2#:

Run Telnet and test command:

Telnet localhost 443 (to connect to HTTPS)

In Telnet window:

Get /index.htm (on HTTPS SSL must be established first so it will generate errors immediately. Result will not be seen in telnet window)

What is the solution?

Solution #1:

Some IT guys recommend to disable SCHannel logging to get rid of these events, but I cannot recommend that. To be honest. It is better to see, that somebody is trying to connect using HTTP on HTTPS port, because this might be some attempt to DoS attack or info, that users don´t know how to type OWA URL correctly. Shortly it is better to know something is wrong than disable logging.

Solution #2:

I suspect wrong redirect configuration for the websites from HTTP to HTTPS. I would check IIS if redirect is set correctly. For those having this issue without redirect I would suspect problem in web browser area.

Links:

To test SSL via command line:

http://www.bearfruit.org/2008/04/17/telnet-for-testing-ssl-https-websites/

LSASS description:

http://www.neuber.com/taskmanager/process/lsass.exe.html

Get-VirtualDirectory cmdlets take a long time

Just a tip if you have large Exchange environment and Get-VirtualDirectory cmdlets take a long time.

You can follow KB2896472 and use the AdPropertiesOnly switch with the cmdlet which returs the virtual directory properties that are stored in Active Directory Domain Services and not in the Internet Information Services (IIS) metabase.

It works really nice.

[PS] C:\>Measure-Command -Expression {Get-WebServicesVirtualDirectory} | ft -a Milliseconds

Milliseconds
------------
         264


[PS] C:\>Measure-Command -Expression {Get-WebServicesVirtualDirectory -ADPropertiesOnly} | ft -a Milliseconds

Milliseconds
------------
          74

ForeFront Protection 2010 for Exchange Server integration failure after installing of Exchange 2010 SP3 RU2 on hybrid server EventID:1007,EventID:1008, EventID:9581, EventID:9564

This article is continuation of the https://ficility.net/2013/10/16/exchange-2010-sp3-hybrid-server-in-organization-which-have-had-exchange-200x-before-freebusy-issues/ . After installation of RU2 for Exchange Server 2010 SP3 we have had problem to intefrate ForeFront to its new (mailbox role). The MSExchangeIS service stucked and started to Start/Stop in the loop. Here are the corrective actions (actions will remove ForeFront and its settings, so if you are not sure how to configure your ForeFront, don´t use it):

Problem:

The following Event IDs are circulating: 1007 (FSC moniror Initialize) -> 1008 (FSC moniror Termination) -> 9581 (MSExchangeIS – Virus scan cannot be loaded) -> 9564 (Cannost start Information Store because Virus Scan failed to load)

FFERRORS

Solution:

  • Stop services
Stop-service MSExchangeIS
Stop-service MSExchangeTransport
Stop-Service FSCController -force
FSCutility.exe /Disable
  • Uninstall ForeFront (From Programs and features menu)
  • Restart server
  • Install ForeFront from media again and it will be automatically integrated to MSExchangeIS again.
  • Restart server
  • Configure ForeFront again, because re-installation removed your settings.
  • Test server
    From FF management console run
     FSCUtility.exe /status

    FFSTATUS_After

  • If ForeFront is integrated, run the following to test services on the server and to check if DB is mounted.
    Test-ServiceHealthGet-MailboxDatabaseCopyStatus
    Get-MailboxDatabaseCopyStatus

Exchange 2010 SP3 Hybrid server in organization, which have had Exchange 200x before – Free/Busy issues

On of my customers have Exchange 2010 SP3 migrated from 2007 and 2003 and wanted to have federation with Office 365 for remote archiving purpose. More about hybrid deployments might be found on technet: http://technet.microsoft.com/en-us/library/hh945197(v=exchg.141).aspx . We have had several troubles to make it work and one of MS suggestions was to install Free/Busy folders on Hybrid (CAS / HUB servers). We have fulfilled the need by Two steps:

  1. Install mailbox role on CAS/HUB server
  2. Install Free/Busy folder by performing following actions
powershell.exe 
Add-PSSnapin Microsoft.Exchange.Management.PowerShell.Setup 
Install-FreeBusyFolder -Verbose

After installation of Mailbox role and Free / Busy folder there is a mailbox database created on the server (As in the default installation of new mailbox server). Watch out! This database is not excluded from provisioning so new mailboxes can be created there and it doesnt have circular logging enabled. Microsoft did not mention that in doc, so I am mentioning to be safe and for my future reference.

Get-MailboxDatabase -Server Identity | Set-MailboxDatabase -CircularLoggingenabled $true -IsExcludedFromProvisioning $true
Get-MailboxDatabase -Server Identity | Dismount-Database -Confirm:$false
Get-MailboxDatabase -Server Identity | Mount-Database

That´s it. Your Hybrid server is prepared to be placed in production.

Parsing Exchange size strings

Here is a nice tip from Shay Levy: How to re-format known Exchange size format 1006 MB (1,055,195,632 bytes) to another size unit (KB,MB,GB, and so on) from csv (string) source? Just use the accelerator [Microsoft.Exchange.Data.ByteQuantifiedSize].

http://www.powershellmagazine.com/2013/10/08/pstip-parsing-exchange-size-strings/

Exchange 2013 – Replication problem when different disk configuration is used

My friend came with problem to add second copy of databese in Exchange 2013 DAG, because replication service failed to perform initial seed due to different configuration between source (first copy)  and target (second copy)disks. I wanted to test it, so here is case study:

LAB:

  • 2x DC, 2x Exchange 2013 – CAS and Mailbox role in DAG, HAProxy load balancer, Exchange 2010 SP3 multirole server
  • All running under VMWare player
  • TESTDB: First copy on one DAG member on mountpoint F: (GPT, SCSI, NTFS , 8kB / sector)

Getting info about NTFS:

I used the Powershell function presented in this article http://cornasdf.blogspot.cz/2010/03/using-powershell-to-get-ntfs-info-such.html?showComment=1362006532506#c4110837443209977959

Thanks to Conrad then gathering NTFS info is as easy as:

Get-NTFSInfo f

and result

Drive                           : f
NTFS_Volume_Serial_Number       : 0xfaf6f756f6f7121d
Version                         : 3.1
Number_Sectors                  : 20901887 (0x00000000013eefff)
Total_Clusters                  : 1306367 (0x000000000013eeff)
Free_Clusters                   : 1234271 (0x000000000012d55f)
Total_Reserved                  : 0 (0x0000000000000000)
Bytes_Per_Sector                : 512
Bytes_Per_Physical_Sector       : <Not Supported>
Bytes_Per_Cluster               : 8192
Bytes_Per_FileRecord_Segment    : 1024
Clusters_Per_FileRecord_Segment : 0
Mft_Valid_Data_Length           : 524288 (0x0000000000080000)
Mft_Start_Lcn                   : 393216 (0x0000000000060000)
Mft2_Start_Lcn                  : 1 (0x0000000000000001)
Mft_Zone_Start                  : 393248 (0x0000000000060020)
Mft_Zone_End                    : 418848 (0x0000000000066420)
RM_Identifier                   : 0E320AB6-7A27-11E2-B355-000C2940FA17

Plan:

Test replication issues while using the following setup:

  1. Create second copy of the database using SCSI, GPT, NTFS but larger size of the block (65kB)
  2. Create second copy of the database using SCSI, GPT, NTFS but lower size of the block (2kB)
  3. Create second copy of the database using IDE, MBR disk with the same NTFS config as the first copy of the database
  4. Create second copy of the database using IDE, MBR disk with the different NTFS config as the first copy of the database (65kB block)

Ad 1) Create second copy of the database using SCSI, GPT, NTFS but different size of the block (65kB)

I have preconfigured the disk with the same drive letter F: , GPT and now I will format the NTFS to 65kB block size. The info from NTFS:

[PS] C:\Windows\system32>get-ntfsinfo f

Drive                           : f
NTFS_Volume_Serial_Number       : 0x5ed0732ad0730793
Version                         : 3.1
Number_Sectors                  : 20901887 (0x00000000013eefff)
Total_Clusters                  : 163295 (0x0000000000027ddf)
Free_Clusters                   : 162095 (0x000000000002792f)
Total_Reserved                  : 0 (0x0000000000000000)
Bytes_Per_Sector                : 512
Bytes_Per_Physical_Sector       : 
Bytes_Per_Cluster               : 65536
Bytes_Per_FileRecord_Segment    : 1024
Clusters_Per_FileRecord_Segment : 0
Mft_Valid_Data_Length           : 65536 (0x0000000000010000)
Mft_Start_Lcn                   : 49152 (0x000000000000c000)
Mft2_Start_Lcn                  : 1 (0x0000000000000001)
Mft_Zone_Start                  : 49152 (0x000000000000c000)
Mft_Zone_End                    : 52384 (0x000000000000cca0)
RM_Identifier                   : 1749F9E1-7CB8-11E2-B6CB-000C29ECA938

Adding DB copy:

Add-MailboxDatabaseCopy -Identity TestDB -MailboxServer FrontEnd1 -ActivationPreference 2

Result:

Works normally. Database is seeded and also incremental seed works. Before point 2 I removed the mailbox database copy and formatted NTFS with lower block size.

[PS] C:\Windows\system32>Remove-MailboxDatabaseCopy testdb\frontend1

Confirm
Are you sure you want to perform this action?
Removing database copy for database "TESTDB" on server "FRONTEND1".
[Y] Yes  [A] Yes to All  [N] No  [L] No to All  [?] Help (default is "Y"): y
WARNING: The copy of mailbox database "TESTDB" on server "FRONTEND1" has been removed. If necessary, manually delete
the database copy's files located at "f:\TESTDB" and "F:\TESTDB\Testdb.edb" on that server.
[PS] C:\Windows\system32>

AD 2) Create second copy of the database using SCSI, GPT, NTFS but lower size of the block (2kB)

I have preconfigured the disk with the same drive letter F: , GPT and now I will format the NTFS to 2kB block size.

Works normally. Database is seeded and also incremental seed works. Before point 2 I removed the mailbox database copy and formatted NTFS with lower block size.

AD 3)Create second copy of the database using IDE, MBR disk with the same NTFS config as the first copy of the database

Seeding works normally as in other configurations.

PS C:\Users\administrator.SALONOVI> get-ntfsinfo f

Drive                           : f
NTFS_Volume_Serial_Number       : 0x42f4703af47031f1
Version                         : 3.1
Number_Sectors                  : 20965375 (0x00000000013fe7ff)
Total_Clusters                  : 1310335 (0x000000000013fe7f)
Free_Clusters                   : 1300725 (0x000000000013d8f5)
Total_Reserved                  : 0 (0x0000000000000000)
Bytes_Per_Sector                : 512
Bytes_Per_Physical_Sector       : 512
Bytes_Per_Cluster               : 8192
Bytes_Per_FileRecord_Segment    : 1024
Clusters_Per_FileRecord_Segment : 0
Mft_Valid_Data_Length           : 262144 (0x0000000000040000)
Mft_Start_Lcn                   : 393216 (0x0000000000060000)
Mft2_Start_Lcn                  : 1 (0x0000000000000001)
Mft_Zone_Start                  : 393216 (0x0000000000060000)
Mft_Zone_End                    : 418848 (0x0000000000066420)
RM_Identifier                   : 700D6323-8444-11E2-9E80-000C29ECA938

Ad 4) Create second copy of the database using IDE, MBR disk with the different NTFS config as the first copy of the database (4kB block)

Works as other configurations.

Drive                           : f
NTFS_Volume_Serial_Number       : 0x0a262c1b262c0a71
Version                         : 3.1
Number_Sectors                  : 20965375 (0x00000000013fe7ff)
Total_Clusters                  : 10482687 (0x00000000009ff3ff)
Free_Clusters                   : 9682285 (0x000000000093bd6d)
Total_Reserved                  : 0 (0x0000000000000000)
Bytes_Per_Sector                : 512
Bytes_Per_Physical_Sector       : 512
Bytes_Per_Cluster               : 1024
Bytes_Per_FileRecord_Segment    : 1024
Clusters_Per_FileRecord_Segment : 1
Mft_Valid_Data_Length           : 524288 (0x0000000000080000)
Mft_Start_Lcn                   : 3145728 (0x0000000000300000)
Mft2_Start_Lcn                  : 8 (0x0000000000000008)
Mft_Zone_Start                  : 3145728 (0x0000000000300000)
Mft_Zone_End                    : 3350560 (0x0000000000332020)
RM_Identifier                   : 700D6344-8444-11E2-9E80-000C29ECA938

Result:

I haven´t found error or problematic configuration, however, there might be some stuff useful for others. It took so much energy to test, that I would still like to post this article for future refference.