Exchange 2013 Issue

Microsoft is aware of a new issue impacting Exchange 2013 running on any version of Windows. Impacted users may see delays in email delivery or slow response times, including disconnected users. This is because too many objects are pinned on the .NET Framework 4.5 garbage collector heap, which causes heap fragmentation in addition to an increase in CPU and memory usage by the garbage collector.

There is a workaround:

  • For Exchange Server 2013 that is installed in Windows Server 2012

    Install the Hotfix from KB2803755 (needs a reboot)
    Create the COMPLUS_DisableRetStructPinning environment variable, and set the value of the variable to 1.
    Create a DWORD value of the DisableRetStructPinning entry at the following registry subkey, and set the DWORD value to 1:

    HKEY_LOCAL_MACHINE\Software\Microsoft\.NETFramework

    Then reboot

  • For Exchange Server 2013 that is installed in Windows Server 2012 R2

    Create a DWORD value of the DisableRetStructPinning entry at the following registry subkey, and set the DWORD value to 1:

    HKEY_LOCAL_MACHINE\Software\Microsoft\.NETFramework

    Then reboot

     

  • For Exchange Server 2013 that is installed in Windows Server 2008 R2 or Windows Server 2008

    Install the Hotfix from KB2803754 (needs a reboot)
    Create the COMPLUS_DisableRetStructPinning environment variable, and set the value of the variable to 1.
    Create a DWORD value of the DisableRetStructPinning entry at the following registry subkey, and set the DWORD value to 1:

    HKEY_LOCAL_MACHINE\Software\Microsoft\.NETFramework

    Then reboot
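
The steps above can be audited or applied per server with a short script. This is an added example, not part of the original post or Microsoft's guidance: the function name and report layout are hypothetical, and setting the environment variable at machine scope is an assumption (the post does not state a scope).

```powershell
# Added example: audit (default) or apply (-Apply) the DisableRetStructPinning workaround.
# Hotfix IDs, value names and the registry path are the ones listed in the post.
function Set-RetStructPinningWorkaround {
    param([switch]$Apply)

    $regPath = 'HKLM:\Software\Microsoft\.NETFramework'
    $name    = 'DisableRetStructPinning'
    $envName = "COMPLUS_$name"

    # Map the OS version to the steps the post lists for it.
    $ver = [version](Get-CimInstance Win32_OperatingSystem).Version
    switch ("$($ver.Major).$($ver.Minor)") {
        '6.3'   { $hotfix = $null;       $needEnv = $false }              # Server 2012 R2
        '6.2'   { $hotfix = 'KB2803755'; $needEnv = $true  }              # Server 2012
        { $_ -in '6.1', '6.0' } { $hotfix = 'KB2803754'; $needEnv = $true } # 2008 R2 / 2008
        default { throw "OS version $ver is not covered by the workaround" }
    }

    $hotfixOk = (-not $hotfix) -or [bool](Get-HotFix -Id $hotfix -ErrorAction SilentlyContinue)

    if ($Apply) {
        if (-not $hotfixOk) { throw "Install hotfix $hotfix and reboot before applying" }
        if (-not (Test-Path $regPath)) { New-Item -Path $regPath -Force | Out-Null }
        New-ItemProperty -Path $regPath -Name $name -PropertyType DWord -Value 1 -Force | Out-Null
        # Machine scope is an assumption, chosen so that services inherit the variable.
        if ($needEnv) { [Environment]::SetEnvironmentVariable($envName, '1', 'Machine') }
    }

    # Read back what is actually configured so the result doubles as an audit record.
    $regVal = (Get-ItemProperty -Path $regPath -Name $name -ErrorAction SilentlyContinue).$name
    $envVal = [Environment]::GetEnvironmentVariable($envName, 'Machine')
    [pscustomobject]@{
        Computer       = $env:COMPUTERNAME
        OSVersion      = $ver
        RequiredHotfix = $hotfix
        HotfixPresent  = $hotfixOk
        RegistryValue  = $regVal
        EnvVariable    = $envVal
        Compliant      = $hotfixOk -and ($regVal -eq 1) -and ((-not $needEnv) -or ($envVal -eq '1'))
        RebootNeeded   = [bool]$Apply
    }
}

Set-RetStructPinningWorkaround            # audit only
# Set-RetStructPinningWorkaround -Apply   # write the values, then reboot
```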

 

Good luck!

Domain Controller DNS Check PS script

We do not use Microsoft DNS at my company. The main reason is the size of the company and the ways roles are delegated. It could work but the network team runs DNS and it is their call, so customized BIND it is. My 100+ domain controllers are allowed to make dynamic updates to the BIND servers but on occasion I see this break down. So I figured I’d share the script I use to confirm all the records when needed. The following requires PowerShell 3, the ActiveDirectory management module, and to be run as your enterprise admin account (if you have multiple domains in your forest).

PKI and large CRLs

Came across an interesting item the other day. In the enterprise PKI services I saw our LDAP CRL publishing failing. Apparently, this was due to the CRL being larger than 10MB in size. This happens when there are more than 250,000 revoked certs. I was able to identify the problem of runaway cert generation and revocation; however, I was still left with a large CRL :)

It turns out LDAP attributes are limited to 10MB. Active Directory is not a blob storage device and should not be used for storage of more than 5MB of data in a single attribute.

There are a few ways to correct the issue. The easiest/more secure method would be to renew the Certificate Authority Certificate, which would create a new CRL. However, since I was able to find a runaway process that generated and revoked a massive number of certs, I wanted to remove them from the CRL as they were not valid and never actually issued to a person or device.

I generated a list of the invalid certs which were using a specific certificate template from PowerShell:

certutil.exe -view -v -restrict "NotBefore<4/1/2014,Disposition=21, certificatetemplate=TemplateOIDnumber" -out Serialnumber | Select-String "Serial Number:"  | Out-File OutSerialnumber04172014.txt

Then to remove them from the CRL we can set their Revoke status to 8 which leaves them revoked but does not publish out to the CRL file.

Get-Content .\OutSerialnumber04172014.txt | % { certutil -revoke $_ 8 }
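
Before a bulk change like this it is worth validating the serial list and doing a dry run, then checking the published CRL size against the 10MB limit. The following is an added example, not the author's script: the function names are hypothetical, it assumes each line of the file holds one hex serial (optionally quoted and prefixed with "Serial Number:"), and it assumes the CA publishes CRLs to the default CertEnroll folder.

```powershell
# Added example: parse, de-duplicate and (optionally) process the serial list.
function Update-RevocationReason {
    param(
        [Parameter(Mandatory)][string]$Path,
        [int]$Reason = 8,          # reason code used in the post
        [switch]$Commit            # without this switch nothing is changed
    )

    # Keep only the hex serial from each line; skip anything that does not parse.
    $serials = Get-Content -Path $Path |
        ForEach-Object { if ($_ -match '"?\b([0-9a-fA-F]{8,})\b"?') { $Matches[1].ToLower() } } |
        Sort-Object -Unique

    Write-Host "$(@($serials).Count) unique serial numbers parsed from $Path"
    if (-not $Commit) {
        Write-Host 'Dry run: review the list, then re-run with -Commit'
        return $serials
    }

    # Record every serial certutil rejects instead of silently moving on.
    $failed = @()
    foreach ($serial in $serials) {
        certutil.exe -revoke $serial $Reason | Out-Null
        if ($LASTEXITCODE -ne 0) { $failed += $serial }
    }
    [pscustomobject]@{ Processed = @($serials).Count; Failed = $failed }
}

# Added example: compare published CRL files with the 10MB LDAP attribute limit.
function Get-CrlSizeReport {
    param(
        [string]$Folder = "$env:SystemRoot\System32\CertSrv\CertEnroll",  # assumed default path
        [long]$LimitBytes = 10MB
    )
    Get-ChildItem -Path $Folder -Filter *.crl | ForEach-Object {
        [pscustomobject]@{
            Crl            = $_.Name
            SizeMB         = [math]::Round($_.Length / 1MB, 2)
            PercentOfLimit = [math]::Round(100 * $_.Length / $LimitBytes, 1)
            OverLimit      = $_.Length -gt $LimitBytes
        }
    }
}

Update-RevocationReason -Path .\OutSerialnumber04172014.txt   # dry run
```

Running `Get-CrlSizeReport` on a schedule gives early warning of runaway revocation before LDAP publishing starts to fail.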

Windows 8.1 & Skydrive Sync issue

After setting up my new Surface Pro 2 with Windows 8.1 I noticed that Skydrive wasn’t syncing. After troubleshooting it for the past few days I have finally found the cause of my issue. One of the My Documents Group Policy Objects (GPOs) was conflicting with Skydrive.

The offending object was the “Prohibit User from manually redirecting Profile Folders” setting.

User Configuration –> Administrative Templates –> Desktop


 

Once I set the setting to “Not configured” or “Disabled”, updated the policy on my Surface, and logged off and back in, Skydrive was working perfectly, syncing and accessing all the files.

 

Lync 2013 Meetings and IE 11

Working with IE 11 we noticed that we were seeing issues joining Lync meetings when sharing PowerPoint slides. The Lync Client\LWA Stage would just sit at “Loading” and never display the presentation. Looking at the UCCAPI logs on the client, this error message is logged:

<diagHeader>54020;reason=”The WAC presentation failed with a critical error

After working with Microsoft support on this issue it was determined to be a known bug in the Office Web Apps servers. The fix was released on October 17th at:

http://support.microsoft.com/kb/2825686/en-us

Issues that this hotfix package fixes

  • Assume that Microsoft Lync 2013 is installed on a computer that is running Windows 8.1 or that has Windows Internet Explorer 11 installed. The computer is in an environment that uses an on-premises deployment of Office Web Apps Server 2013. When you try to share or view a Microsoft PowerPoint presentation in Lync 2013, the Loading indicator is displayed for longer than expected. Or, you receive the following error message:
    Sorry, we ran into a problem displaying the presentation. Please try again.

Issues with iOS7 and iPhone 5S

It has come to my attention that there are some issues with using the Lync 2013 mobile client on the new iPhone 5s.

It seems when performing any video calls from the mobile device, either to another mobile client, desktop client, or conference, digital static is transmitted instead of your video. See my screen shot attached to this post. Microsoft is now aware of this issue and is escalating it internally. Hopefully it will be an easy fix but I would guess Apple will need to get involved so it may take a while until we see a fix.

UPDATE 10/11/2013: There was an update to the Lync 2013 mobile client released to the app store today that corrects this.

 

Lync and AOL Public IM provisioning changing

If you have ever had to open a case with Microsoft on an AOL public IM interoperability issue you know the level of frustration that can be had if the issue is on AOL’s side and getting them to work with you to correct any issues. However this might be changing for the better: in June 2014 it appears that Microsoft will no longer be involved in the Public IM provisioning process. You may initially think this is a bad thing but I think it will be for the better. It means that you will have to work directly with AOL for setting up and maintaining the federation/Public IM connection from your OCS/Lync environment to AOL. AOL is going to have to treat it as a real service and work directly with companies for Federations since Microsoft will no longer be involved.

AOL has put out a page with more of the details out at: http://aimenterprise.aol.com/pic.php

 

September 2013 Lync 2013 Client Update

The good news is that the September 2013 Lync 2013 Cumulative Update “fixes” the status bar and returns the icon to the original behavior, where it shows the presence status.

The bad news is that Presence is broken and does not update based on your free/busy status from your Exchange calendar. Not really sure how that missed the QA department but it did and is documented on KB2883716. Hopefully we will see another CU that fixes this in October.

Lync 2013 now supports SQL clustering.

When Lync 2013 RTM’ed there was a surprising lack of SQL clustering support. The only supported way to get High Availability was to use SQL mirroring configured by Topology Builder. Now SQL clustering is supported, with details in the Database Software Support TechNet article: http://technet.microsoft.com/en-us/library/gg398990.aspx

Lync Server 2013 supports the use of either SQL mirroring or SQL clustering for each Lync Server database. You can easily set up SQL mirroring with the Topology Builder tool in Lync Server 2013. For SQL failover clustering, you must use SQL Server for setup.

Lync Server 2013 supports SQL clustering topologies for all deployments, including greenfield deployments and organizations that have upgraded from previous versions of Lync Server.

SQL Clustering support is for an active/passive configuration. For performance reasons, the passive node should not be shared by any other SQL instance.

Still absent is any mention of SQL AlwaysOn Availability Groups. SQL clustering is a welcome return and I’ll take any win I can get. :)

Lync 2013 – Centralized Logging Service

Lync 2013 has a new logging system, the Centralized Logging Service (CLS), to replace the older Lync Logging Tool or OCLogger.exe that was used to collect logs on single servers.

It can be overwhelming at first trying to use it, or if you are trying to learn how to use it by reading TechNet on how to collect logs:
http://technet.microsoft.com/en-us/library/jj688101.aspx

The TechNet site does have excellent documentation on how it works and I have used it with great success for tracking down issues across 40+ servers. However, if you do not use it a lot it can be intimidating to come up to speed on. The guys over at MyLyncLab.com have created a nice PowerShell GUI tool for setting it up. You can find more details and a download link on their site at:
http://www.mylynclab.com/2013/04/lync-2013-centralised-logging-tool.html