Archive for March, 2012

Function: Remove-NicGateway – Removing the Default Gateway on Selected NICs Via PowerShell

March 13th, 2012

Description

When deploying Database Availability Groups (DAGs) with Exchange 2010, multiple networks are generally used. You’ll have a client or “MAPI” network and at least a replication network. I’ve seen some organizations that also deploy backup networks. Each has its own NICs or NIC teams. Only the client network should have a default gateway defined. The rest should not. Static routes are added for the others using the NETSH command.

Setting the NIC properties is sometimes a manual task, and sometimes a scripted task via PowerShell. On a large project, I needed to run a validation script to ensure that the servers were consistent and ready for the Exchange build, and fix those that could be done via script. I noticed that servers were coming with gateways defined on all of the NIC teams, so I needed to resolve this. Turns out, it was a little challenging to do it via PowerShell.

There is apparently no easy way to just remove the gateway. We can easily set it, but my assumption that setting it to $null would work was incorrect. What I ended up doing, with the assistance of Serkan Varoglu, was to change the NIC from static to DHCP, then back to static, defining only the IP address and subnet mask. Not the most direct method, but it works. And, it appears to leave other parameters intact, including DNS servers, suffixes, WINS, etc.

First we use WMI to grab the NIC by name ($NicName):

$Adapter = Get-WmiObject -Class Win32_NetworkAdapter -Filter "NetConnectionID='$NicName'"

Then we get the configuration for the NIC, using the index number of the adapter we retrieved above:

$Nic = Get-WmiObject -Class Win32_NetworkAdapterConfiguration -Filter "Index=$($Adapter.Index)"

Next, we need to grab the NIC’s IP and subnet mask so we can assign them again later:

$NicIP = $Nic.IpAddress[0]
$NicMask = $Nic.IpSubnet[0]

Then, we set the NIC to DHCP,

$Nic.EnableDhcp() | Out-Null

And then back to static, using the IP and mask we retrieved from above:

$Nic.EnableStatic($NicIp,$NicMask) | Out-Null

We can wrap this into a function and call it in our validation scripts.

function Remove-NicGateway	{
<#
.SYNOPSIS
	Removes the default gateway on a specified network interface card (NIC)

.DESCRIPTION
	Removes the default gateway on a specified network interface card (NIC) by first setting the NIC to DHCP, and then setting it back to static and not specifying the gateway - just the IP and subnet mask

.NOTES
	Version             : 1.0
	Rights Required     : Local admin on server
	                    : ExecutionPolicy of RemoteSigned or Unrestricted

	Author              : Pat Richard, Exchange MVP
	Email/Blog/Twitter  : pat@innervation.com	https://www.ucunleashed.com	@patrichard
	Dedicated Blog      : https://www.ucunleashed.com/152

	Author              : Serkan Varoglu
	Email/Blog/Twitter  : N/A	http://www.get-mailbox.org	@SRKNVRGL

	Disclaimer          : You running this script means you won't blame me if this breaks your stuff.
	Info Stolen from    :

.EXAMPLE
	Remove-NicGateway -NicName [name of NIC]

.INPUTS
	None. You cannot pipe objects to this script.

#Requires -Version 2.0
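#>
	[cmdletBinding(SupportsShouldProcess = $true)]
	param(
		[parameter(ValueFromPipeline = $true, ValueFromPipelineByPropertyName = $true, Mandatory = $true, HelpMessage = "No NIC name specified")]
		[ValidateNotNullOrEmpty()]
		[string]$NicName
	)
	# Find the adapter by its connection name, then its configuration by index
	$Adapter = Get-WmiObject -Class Win32_NetworkAdapter -Filter "NetConnectionID='$NicName'"
	if (-not $Adapter) {
		Write-Error "No NIC named '$NicName' found"
		return
	}
	$Nic = Get-WmiObject -Class Win32_NetworkAdapterConfiguration -Filter "Index=$($Adapter.Index)"
	# Save the first IP address and subnet mask so they can be reapplied
	# (only the first address/mask pair on the NIC is kept)
	$NicIP = $Nic.IpAddress[0]
	$NicMask = $Nic.IpSubnet[0]
	Write-Verbose "$NicIP $NicMask"
	# Honor -WhatIf/-Confirm, since the function declares SupportsShouldProcess
	if ($PSCmdlet.ShouldProcess($NicName, "Remove default gateway")) {
		# Switching to DHCP clears the gateway; switching back sets only IP and mask
		$Nic.EnableDhcp() | Out-Null
		Start-Sleep -s 5
		Write-Verbose "Setting $NicName to $NicIP $NicMask"
		$Nic.EnableStatic($NicIp,$NicMask) | Out-Null
	}
} # end function Remove-NicGateway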

And call it via:

Remove-NicGateway -NicName [NIC/Team Name]

such as

Remove-NicGateway -NicName "Replication"
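
A read-only check that fits the validation step described above, as an added example that is not part of the original post: it lists each IP-enabled NIC with its gateway and DHCP state, so you can see which NICs still carry a gateway before running Remove-NicGateway and confirm afterwards that the NIC came back as static with no gateway. The function name Get-NicGatewayAudit and the client NIC name "MAPI" are assumptions.

```powershell
# Added example, not from the original post. Read-only: it changes nothing.
# Assumption: the caller passes the connection name of the client ("MAPI") network.
function Get-NicGatewayAudit {
	[CmdletBinding()]
	param(
		# Connection name of the only NIC/team that may keep a default gateway (assumed value)
		[Parameter(Mandatory = $true)]
		[ValidateNotNullOrEmpty()]
		[string]$ClientNicName
	)
	# Only IP-enabled configurations carry addresses and gateways
	$Configs = Get-WmiObject -Class Win32_NetworkAdapterConfiguration -Filter "IPEnabled=True"
	foreach ($Config in $Configs) {
		# Map the configuration back to its connection name via the shared Index
		$Adapter = Get-WmiObject -Class Win32_NetworkAdapter -Filter "Index=$($Config.Index)"
		# DefaultIPGateway is $null or empty when no gateway is set
		$Gateways = @($Config.DefaultIPGateway | Where-Object { $_ })
		$HasGateway = $Gateways.Count -gt 0
		$IsClient = $Adapter.NetConnectionID -eq $ClientNicName
		New-Object PSObject -Property @{
			NicName     = $Adapter.NetConnectionID
			IPAddress   = @($Config.IPAddress)[0]
			# True here after the fix means the switch back to static did not take effect
			DhcpEnabled = $Config.DHCPEnabled
			Gateway     = ($Gateways -join ',')
			# Compliant: the client NIC has a gateway, every other NIC has none
			Compliant   = ($IsClient -eq $HasGateway)
		}
	}
}

# List the NICs that still need attention
Get-NicGatewayAudit -ClientNicName "MAPI" |
	Where-Object { -not $_.Compliant } |
	Select-Object NicName, IPAddress, DhcpEnabled, Gateway
```
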

Hopefully, this will be useful to you.

Donations

I’ve never been one to really solicit donations for my work. My offerings are created because *I* need to solve a problem, and once I do, it makes sense to offer the results of my work to the public. I mean, let’s face it: I can’t be the only one with that particular issue, right? Quite often, to my surprise, I’m asked why I don’t have a “donate” button so people can donate a few bucks. I’ve never really put much thought into it. But those inquiries are coming more often now, so I’m yielding to them. If you’d like to donate, you can send a few bucks via PayPal at https://www.paypal.me/PatRichard. Money collected from that will go to the costs of my website (hosting and domain names), as well as to my home lab.

MEC Is Back! All Hail MEC!

March 6th, 2012

I have to admit I didn’t think I’d see this day. But MEC, the Microsoft Exchange Conference, is returning after a 10 year absence, according to Microsoft’s Michael Atalla, Director, Exchange Product Management.

If you’ve heard of the mysterious MEC, the rumors are true. A dedicated conference centered around Microsoft’s flagship messaging product. In depth technical sessions from Microsoft product group members giving you the very best bang for your conference buck. And a great chance for some social interaction with other messaging professionals.

I firmly believe that MEC is by far the best conference for a messaging professional using Microsoft products.

For more details, see the product group’s blog post at http://blogs.technet.com/b/exchange/archive/2012/03/06/mec-is-back.aspx. And, see the website www.MECisback.com.

I’ll see you there!

Function: Set-DriveLabel – Change the Label of a Drive Via PowerShell

March 6th, 2012

Description

Here’s a simple function to change the label of a drive.

function Set-DriveLabel	{
	<#
	.SYNOPSIS
	  Sets the label on a drive.

	.DESCRIPTION
	  Sets the label on a drive to a user specified value

	.NOTES
	    Version             : 1.0
	    Rights Required     : Local admin on server
	                        : ExecutionPolicy of RemoteSigned or Unrestricted
	    Exchange Version    : N/A
	    Author              : Pat Richard, Exchange MVP
	    Email/Blog/Twitter  : pat@innervation.com	https://www.ucunleashed.com	@patrichard
	    Dedicated Blog      : https://www.ucunleashed.com/1097
	    Disclaimer          : You running this script means you won't blame me if this breaks your stuff.

	.EXAMPLE
		Set-DriveLabel -DriveLetter "d:" -DriveLabel "Data"

	.INPUTS
		None. You cannot pipe objects to this script.

	#Requires -Version 2.0
	#>
	[cmdletBinding(SupportsShouldProcess = $true)]
	param(
		[parameter(Position = 0, ValueFromPipeline = $true, ValueFromPipelineByPropertyName = $true, Mandatory = $true, HelpMessage = "No drive letter specified")]
		[string]$DriveLetter,
		[parameter(Position = 1, ValueFromPipeline = $true, ValueFromPipelineByPropertyName = $true, Mandatory = $true, HelpMessage = "No drive label specified")]
		[string]$DriveLabel
	)
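	Write-Host "Setting drive label - drive $DriveLetter"
	$drive = Get-WmiObject -Class Win32_Volume -Filter "DriveLetter = '$DriveLetter'"
	# No such volume: report failure instead of passing $null to Set-WmiInstance
	if (-not $drive) {
		return $false
	}
	# Honor -WhatIf/-Confirm, since the function declares SupportsShouldProcess
	if ($PSCmdlet.ShouldProcess($DriveLetter, "Set label to $DriveLabel")) {
		Set-WmiInstance -InputObject $drive -Arguments @{Label="$DriveLabel"} | Out-Null
	}
	# Re-read the volume and confirm the label was applied
	If ((Get-WmiObject -Class Win32_Volume -Filter "DriveLetter = '$DriveLetter'").Label -eq $DriveLabel){
		return $true
	}else{
		return $false
	}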
} # end function Set-DriveLabel

You would then call it as such:

Set-DriveLabel -DriveLetter [drive] -DriveLabel [label]

such as

Set-DriveLabel -DriveLetter d: -DriveLabel "Data"

Comment based help is available via

Get-Help Set-DriveLabel

March 2012 Technical Rollup: Unified Communications

March 5th, 2012

News

Premier

OpsVault – Operate and Optimize IT http://www.opsvault.com

Microsoft Premier Support UK – Site Home – TechNet Blogs http://blogs.technet.com/b/mspremuk/

Antigen & Forefront

Forefront Team Blog – Site Home – TechNet Blogs http://blogs.technet.com/b/forefront

Forefront Server Security Support Blog – Site Home – TechNet Blogs http://blogs.technet.com/b/fssnerds

Exchange

Exchange Team Blog – Site Home – TechNet Blogs http://blogs.technet.com/b/exchange/

MCS UK Unified Communications Blog – Site Home – TechNet Blogs http://blogs.technet.com/b/msukucc

Lync

Lync Team Blog – Site Home – TechNet Blogs http://blogs.technet.com/b/lync/

Hosted Messaging Collaboration

None

Office Communication Server & LiveMeeting

NextHop – Site Home – TechNet Blogs http://blogs.technet.com/b/nexthop/

Outlook

http://blogs.msdn.com/b/outlook/default.aspx

Other

NextHop – Site Home – TechNet Blogs http://blogs.technet.com/b/nexthop/

The Master Blog – Site Home – TechNet Blogs http://blogs.technet.com/b/themasterblog

New KBs

Antigen & Forefront

Microsoft Forefront Online Protection for Exchange:

  1. You cannot change the primary SMTP address for a user in Exchange Hosted Archive http://support.microsoft.com/kb/2649288/
  2. Messages take a long time to be displayed on the Review tab of Archive Viewer in Exchange Hosted Archive http://support.microsoft.com/kb/2664389/
  3. “550 5.1.8 Access Denied, bad sender” nondelivery report (NDR) error code in Forefront Online Protection for Exchange http://support.microsoft.com/kb/2666743/

Exchange

Microsoft Exchange Server 2007 Enterprise Edition

  1. Public folder replication stops working in Exchange Server 2007 http://support.microsoft.com/kb/2653072/

Microsoft Exchange Server 2007 Service Pack 3:

  1. You cannot set the “Country/region” attribute of a user mailbox to “Curaçao,” “Bonaire, Sint Eustatius and Saba,” or “Sint Maarten (Dutch part)” by using the Exchange Management Console on an Exchange Server 2007 server http://support.microsoft.com/kb/2667912/

Microsoft Exchange Server 2010 Enterprise

  1. Exchange Server 2010 OAB download fails when redirection is configured incorrectly in IIS 7 http://support.microsoft.com/kb/2290340/
  2. Exchange 2010 ActiveSync users cannot synchronize an EAS device for the first time http://support.microsoft.com/kb/2579075/
  3. “Junk e-mail validation error” error message when you manage the junk email rule for a user’s mailbox in an Exchange Server 2010 environment http://support.microsoft.com/kb/2591572/
  4. The Exchange RPC Client Access service crashes when you send an email message in an Exchange Server 2010 environment http://support.microsoft.com/kb/2599663/
  5. Event ID 4999 when the Exchange Mailbox Assistants service crashes in Exchange 2010 http://support.microsoft.com/kb/2619237/

Lync

Microsoft Lync 2010

  1. The “Lync New Online Meeting” button in Outlook does not work in a Lync Server 2010 environment http://support.microsoft.com/kb/2665270/
  2. Lync Server 2010 certificate requirements for user access http://support.microsoft.com/kb/2667698/

Microsoft Lync Server 2010 Enterprise Edition

  1. Description of the update for Lync Server 2010, Mobility Service: February 2012 http://support.microsoft.com/kb/2665325/

Microsoft Lync Server 2010 Standard Edition

  1. Calls do not always connect if you have a DNS balancer and multi-homed network deployed in a Lync Server 2010 environment http://support.microsoft.com/kb/2658817/

Office Communication Server & LiveMeeting

Microsoft Office Communicator 2007

  1. Description of the update package for Office Communicator 2007: February 2012 http://support.microsoft.com/kb/2666140/

Microsoft Office Communicator 2007 R2

  1. Office Communicator 2007 requests authentication information when you use a smart card to unlock a computer http://support.microsoft.com/kb/2665724/

Outlook

Microsoft Office Outlook 2003

  1. Description of the Outlook 2003 Junk Email Filter update: February 14, 2012 http://support.microsoft.com/kb/2597968/
  2. Description of the Outlook 2003 post-Service Pack 1 hotfix package: September 17, 2004 http://support.microsoft.com/kb/867824/

Microsoft Office Outlook 2007

  1. An Outlook 2007 meeting organizer is changed to an attendee in an Exchange Server cross-forest environment http://support.microsoft.com/kb/2220899/

Microsoft Outlook 2010

  1. Outlook 2010 not responding, hangs, or freezes http://support.microsoft.com/kb/2652320/
  2. Information about the Calendar Checking Tool for Outlook (CalCheck) http://support.microsoft.com/kb/2678030/

 

Trusted Traveler Program – My Journey to Faster, Easier Security Screenings at the Airport

March 5th, 2012

I travel a LOT. 200 days away last year – nearly all of them weekdays. I am continuously streamlining my travel process, from how/what I carry to how I dress, to when/where to arrive and park. Doing so has made the travel process much easier. And easier means more time at home or client sites, and less time frustrated at airports.

Last October, the TSA and some airlines rolled out a program called Known Traveler Screening. This program uses the Customs and Border Patrol’s (CBP) Trusted Traveler programs and allows those in the program to go through much quicker security screening by prescreening them. Four airports were in the original pilot, including my home airport, Detroit Metro (DTW). The program is now being expanded to dozens more airports throughout the country.

CBP has several programs that help streamline travel for those going between the U.S. and other countries. Global Entry deals with entry into the U.S. by U.S. citizens from abroad. Nexus focuses on travel between the U.S. and Canada. And SENTRI focuses on travel between the U.S. and Mexico. In order to be a Trusted Traveler, you need to be enrolled in at least one of the programs.

Here is the process I went through:

January 15th, 2012 (Day 0): I enrolled in CBP’s Global Entry and Nexus programs using the Global Online Enrollment System (GOES). My company has an office in London, plus there are always some conferences in other countries, and, who knows, maybe a client or two. So Global Entry made sense. I live near Detroit, which is just across the river from Windsor Canada – home of some nice dinner establishments and a big casino and entertainment venue. So that program made sense.

Enrollment requires a fairly detailed form submission, including passport and driver’s license info, residence and contact info, and employment info going back ~7 years. It also requires a $50 application fee. Once submitted, you’re advised to check the status of the application regularly. In my case, I checked every couple of days, and each time, the status read “Pending Review”.

February 24th (day 40): I received an email stating there had been a change in status for my application. Upon logging into the GOES site, my application had a link for “conditional approval notification”. Clicking the link showed a form letter stating my application had been processed, and I was “invited” to visit a Nexus Enrollment Center for an interview. To my surprise, I was able to electronically schedule my interview for the following day, a Saturday (really – the government – on SATURDAY?!). The local Nexus Enrollment Center was at the foot of the infamous Ambassador Bridge, the main crossing between Detroit and Windsor.

February 25 (day 41): I arrived about a 1/2 hour early for my interview. The Enrollment Center is in a string of office trailers near the bridge. It is staffed by agents from both CBP and the Canadian border service. When I entered, there were about 8 others who had just watched a video. As the video played for me, the others were processed through their interviews. The video was a quick tutorial on how to use the Nexus card for border crossings via auto and air.

Following that, I waited about 5 minutes before I was called. By then, nearly everyone else was already gone. I was asked a few questions about the nature of my travel, as well as some info on the restrictions of traveling into Canada for work purposes. A decal was affixed to my passport for Global Entry. A quick photo and electronic fingerprinting, and I was on my way with some pamphlets. Total time at the building was about 1/2 an hour.

By the time I got home, I had another change in status email. This one was for “Approval Notification” and contained a Nexus number. The same number showed on the main GOES page next to my Trusted Traveler Program link. It is referred to as “Membership Number / PASS ID”. This is where it gets a little confusing.

In doing some more research, it was frustrating to determine the next step, and I thought maybe I had enrolled in the wrong programs. Between CBP, TSA, and the airlines, no one used the same terminology, including program names, processes, requirements, etc. Through some trial and error, as well as reading some travel-related forums, I determined that I needed to enter a “Known Traveler Number” in the Secure Flight Passenger Data section of my Delta profile. Turns out, the Known Traveler Number is your Trusted Traveler Number, essentially the PASS ID mentioned above.

Further research indicated that it may only be valid for reservations made after the number is added to your profile.

February 26th (day 42): I left for a previously scheduled flight. Going through the Priority security line, I mentioned to the TSA agent performing the credential screening that I had submitted my PASS ID the previous day. She confirmed that the reservation must be made after the PASS ID is added for it to work. So, the normal Priority line for this flight.

March 1st (day 46): My Nexus card arrived in the mail. I was pleasantly surprised. It was less than a week since visiting the Enrollment Center. When it arrives, you must go back to the GOES web site and activate the card, similar to how you activate a new credit card. The card also came with a protective sleeve that prevents the RFID chip from being read while it’s in your wallet.

Friday, March 2nd (day 47): I booked a work related flight for two days later. During the booking process, I confirmed the Secure Flight Passenger Data screen did contain my PASS ID number.

Sunday, March 4th (day 49): When I went through the credential checkpoint, the device that scans my cell phone boarding pass now also displayed a “LLL” to the TSA agent (I believe that was it – but I only got a quick glimpse). I was directed down the Trusted Traveler line instead of the normal backscatter / magnetometer screening area. The Trusted Traveler area was MUCH faster and far more convenient. For one, there was only one other person in line, and I never had to wait for them as the process is too fast. I immediately noticed that there were no white bins – the bane of many a traveler. I was not required to remove my jacket, shoes, or belt, and did not need to empty paper or other items from my pockets – something the normal process requires. I was told to toss my wallet and cell phone into my bag. I walked through a magnetometer (metal detector), and waited MAYBE 15 seconds for my bags to go through x-ray. Entire time from the credential check point to past the entire security area was under 60 seconds. This was VERY cool.

Other than having an overly confusing enrollment process, it was worth the streamlined security line process. I look forward to seeing this rolled out into more of the airports that I travel through.

If you’re with another airline and have gone through the process, let me know your experience.
