Just wanted to update you on my earlier post as promised.
I just bought Oxios ToDo List for SmartPhone for my Qtek 8310 as a substitute for the built-in. This one is much better - I can edit my tasks - and very important - works on the same database and thus synchronizes with Outlook/Exchange.
Friday, January 27, 2006
Thursday, January 26, 2006
AKU2 / MSFP and SP2 DirectPush configuration
The requirements are an Exchange Server 2003 with SP2 and a mobile device with Windows Mobile 2005 that includes the Messaging Security Feature Pack (MSFP, aka Adaptation Kit Update 2 (AKU2)). For sync via USB with your machine you need ActiveSync 4.1 (although this is not absolutely required). Furthermore, for administration of the remote wipe features you will need the ActiveSync Web Administration tool.
The MSFP is actually a new version of the Windows Mobile OS so you need to wipe the device completely - with WM5 it is a pretty straightforward process; I started the phone in bootloader mode, connected it to USB and started the upgrade process. There's a very good TechNet Webcast called "Managing Windows Mobile-based Devices with the Messaging and Security Feature Pack" that includes very detailed info on security in Windows Mobile 5, the new features in MSFP and how upgrades can be done.
On the server side you need to change the IIS and firewall timeout values. This is because "DirectPush" works by keeping an HTTP connection open to the server (through a concept called heartbeats, where the mobile device periodically pings the server). If the firewall times out before the periodic ping, the device will need to ping/reconnect more frequently and errors might turn up in your event log. KB Article 905013 on "Enterprise firewall configuration for Exchange ActiveSync Direct Push Technology" explains more on this subject.
If you are using ISA server as a firewall you can change the timeout on the Web listener for your Front End mail server (Find it under properties for the web listener, Preferences, Advanced) and also you need to change the IIS timeouts on your Exchange Servers to a corresponding value (I'm currently using 30 minutes or 1800 seconds, which seems to work fine in a small environment).
It will be interesting to measure the scalability effects of these connections in Exchange 2003, where many users now not only will have an Outlook 2003 connection but also (almost always?) an active connection to their mobile devices - according to Microsoft it's part of the reasoning that Exchange 12 will be 64 bit only (Longer story - I'm part of the beta program so I'm preparing to test it on my newly acquired AMD x64 Acer Ferrari 4000 notebook).
Overall the MSFP/DirectPush experience is great (Mail at times arrives on my mobile device before RPC/HTTPS syncs ;-), configuring the security policies and applying them to the devices also works fine, I can’t understand how I ever lived without GAL Lookup and I only have a few negative comments. The most annoying part is that the phone insists on informing me that a new mail has arrived, also when I’m at my desk. If I change my profile to “No sound” on mail arrival it will also turn off sound from SMS messages.
Another annoyance is the fact that the keyboard lock and device lock features don’t work together. So when the device is locked by the security policies and the phone is in my pocket – it doesn’t lock the keyboard and after x failed attempts it will wipe the device (Guess the rest of the story yourself ;-)
Friday, January 20, 2006
Monad beta 3 is out
As a follow up to my previous post, I just wanted to tell you that beta 3 is available for download.
Hibernate - and I mean it!
I have a server for running Virtual Server. The server uses a wireless network card to connect to my home LAN. This gives me a problem as the wireless specifications disallow inserting other MAC addresses. To give my guest OSs internet network access, I'm running Routing and RAS on the host.
This all works fine except one thing: I cannot hibernate my server anymore.
RRAS pops up a message telling me, that it will not allow that-

For a while I have stopped the service, hibernated and remembered to restart the service on resume, but I just found another solution.
Simply write -
shutdown /h /f
The /f ignores RRAS and hibernates right away.
Now, I haven't used this much, so use it at your own risk. There could be a reason for RRAS not supporting hibernation - and if you know it, please share the knowledge.
Thursday, January 19, 2006
How to add a loopback device from the command line
This is easy -
devcon install %windir%\INF\netloop.inf *msloop
devcon.exe is found in Support Tools.
Have fun
Friday, January 13, 2006
LCS PIC troubleshooting
The LCSKid has posted a good article on LCS PIC troubleshooting. It contains the kind of questions that you will be asked when calling PSS. It can also be used for checking requirements/troubleshooting before bothering PSS with a call ;-)
Thursday, January 12, 2006
Issues with EASI passport domains, LCS and MSN Messenger
When implementing Live Communications Server (LCS) in your organization with Public IM Connectivity (PIC) support, you need to change your EASI passports (e.g. dlt@inceptio.dk) to either a @messengeruser.com or @hotmail.com address - if the domain name (in this case inceptio.dk) is used in your LCS implementation.
The background/details are described in this article and the change can be completed directly through this link.
That was the easy part - but according to Will Robinson at Intense Collabage there are intermittent problems where, after the transition, contacts remain offline. The solution, according to Will/MSN Support, is -
- Log in to MSN messenger with new account name.
- Export your contacts to a file (Option in Menus)
- Delete all your contacts manually
- Import the contacts file.
Furthermore, there are problems with Windows Live Custom Domains and EASI passports (Might be that MS regrets ever offering EASI passport domain support ;-)
Monday, January 02, 2006
Hunting a better task list for my QTek 8310
I've been hunting a better solution for a while. My QTek 8310 does not allow me to edit my tasks etc., so the usefulness is limited...
I gave Oxios ToDo List 5.10 a run - it works on the same tasks as the built-in task applet and thus on my Exchange/Outlook tasks - but it could not open the task database.
Returning to the Oxios page, I found the solution. A 6.0a4 version - alpha - can be downloaded.
It seems to work. I now have 15 days to figure out whether it is worth the 13€. I'll let you know in a later post.
Check also the Today plugin. This enables you to access tasks directly from the Home Screen and is freeware.
Remote Mobile Registry Editor
Just been referred to this tool by a friend of mine. It is called Mobile Registry Editor and can be found here. It lets you modify the registry of your mobile device from your PC. Much easier than using the limited keyboard on my phone.
BTW: I was talking to him about debugging my Qtek 8310 problem. It would not boot after my - ahem - cleaning up. I was suspecting that I deleted some files for my custom home screen. Luckily, I just had to let it stay turned on for a looong time - and finally, it came up with an error message and I could switch it to another home screen layout.
Friday, December 23, 2005
Sender ID Framework troubleshooting
Per has earlier written about SenderID and we of course implemented the required SPF records at Inceptio. But then we needed to change our E-mail server publishing to another Firewall with another IP Scope / ISP and the trouble began. Usually changing the IP address of a DNS record takes some time to replicate (Actually technically it needs to expire in the cache on the DNS servers around the world, but that’s another story).
So changing the IP address required changing our A record for mail.inceptio.dk - which should be enough as our SPF record points to mail.inceptio.dk (And all A records) –
"v=spf1 a mx mx:mail.inceptio.dk -all"
After changing the firewall configuration, the A record and waiting a few hours everything seemed to work fine, email was flowing in- and outbound and rpc/https worked - I was happy ;-)
Then I received an e-mail with the text "Sender is forged (SPF Fail)" appended to the subject line. At first I thought it was a matter of DNS cache expiration and that time would solve the problem – but then a few hours later a mail bounced with the error “**Message you sent blocked by our bulk email filter**”.
For troubleshooting I used the SPF testing tool from dnsstuff (That provides other great tools as well) and a few others with only positive results. After a bit of troubleshooting I decided that the synthetic testing method of dnsstuff wouldn’t give me an answer to the problem. Instead I used port25’s automated testing tool, which basically is an e-mail address called check-auth@verifier.port25.com that you send an e-mail to. A few minutes later you will receive an authentication report that includes compliance checks for the Sender ID standard and Yahoo’s DomainKeys (Also check their site for other resources).
In my case the problem was that the new firewall used a different outbound IP address than I expected. Changing the configuration of the firewall solved the problem and now it's working fine again (Actually the whole situation reminded me about the problems we had back in the NT4/W2K and Exchange 5.5 days, with e-mails bouncing due to Exchange clusters using the Host IP address instead of the Exchange Virtual IP address because of problems with the gethostbyname() method as I described in my old article Tips for Clustering Exchange Successfully).
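The failure described above, reproduced as an added example (not code from the original post): a small evaluator for the post's SPF record that shows why mail leaving from an unexpected firewall address ends in "SPF Fail". The IP addresses and DNS answers are constructed from documentation ranges, and only the a, mx, ip4/ip6 and all mechanisms are handled.

```python
import ipaddress

# Constructed DNS data using documentation address ranges (not the real records).
DNS = {
    "A": {"inceptio.dk": ["192.0.2.10"], "mail.inceptio.dk": ["192.0.2.25"]},
    "MX": {"inceptio.dk": ["mail.inceptio.dk"]},
}
SPF_RECORD = "v=spf1 a mx mx:mail.inceptio.dk -all"  # record quoted in the post
QUALIFIERS = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}


def a_hosts(name):
    """Addresses behind the A records of name."""
    return {ipaddress.ip_address(ip) for ip in DNS["A"].get(name.lower(), [])}


def mx_hosts(name):
    """Addresses of every mail exchanger listed in the MX records of name."""
    found = set()
    for exchanger in DNS["MX"].get(name.lower(), []):
        found |= a_hosts(exchanger)
    return found


def mechanism_hosts(mech, arg, domain):
    """Addresses an 'a' or 'mx' mechanism authorizes (empty set for others)."""
    if mech == "a":
        return a_hosts(arg or domain)
    if mech == "mx":
        return mx_hosts(arg or domain)
    return set()


def split_term(term):
    """Split '-mx:host' into (qualifier, mechanism, argument)."""
    qualifier = "+"
    if term[0] in QUALIFIERS:
        qualifier, term = term[0], term[1:]
    mech, _, arg = term.partition(":")
    return qualifier, mech.lower(), arg


def check_spf(record, domain, client_ip):
    """Evaluate left to right; return (result, first matching term)."""
    ip = ipaddress.ip_address(client_ip)
    terms = record.split()
    if not terms or terms[0].lower() != "v=spf1":
        return "none", None
    for term in terms[1:]:
        qualifier, mech, arg = split_term(term)
        if mech == "all":
            matched = True
        elif mech in ("a", "mx"):
            matched = ip in mechanism_hosts(mech, arg, domain)
        elif mech in ("ip4", "ip6"):
            matched = ip in ipaddress.ip_network(arg, strict=False)
        else:  # include, redirect, exists, ptr and macros are not handled here
            raise ValueError("unsupported SPF term: " + term)
        if matched:
            return QUALIFIERS[qualifier], term
    return "neutral", None


def authorized_ips(record, domain):
    """List the addresses the a/mx mechanisms resolve to, for comparison
    with the address the firewall really uses for outbound SMTP."""
    found = set()
    for term in record.split()[1:]:
        _, mech, arg = split_term(term)
        found |= mechanism_hosts(mech, arg, domain)
    return sorted(str(ip) for ip in found)


if __name__ == "__main__":
    print("authorized:", authorized_ips(SPF_RECORD, "inceptio.dk"))
    for ip in ("192.0.2.25", "198.51.100.77"):  # expected vs. actual egress
        print(ip, check_spf(SPF_RECORD, "inceptio.dk", ip))
```

Comparing the output of authorized_ips with the source address a receiving server actually sees (for example in the Received header of a bounced message) points straight at a mismatched egress address.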
Wednesday, December 21, 2005
LCS 2005 Configuring Certificates guide updated
Microsoft has updated their "Microsoft Office Live Communications Server 2005 Certificate Configuration" deployment guide to version 2.2. Comparing the old with the new version shows that it’s mostly clarifications and removal of some references to using client certificates that were required in earlier versions of LCS.
Find the guide here.
Santa IM Worm hits MSN (And AOL / Yahoo)
A new worm called IM.GiftCom.All tricks users into installing a rootkit on their computer, that in turn will IM the user's other contacts with links to an image of Santa. Quote -
"This worm is a medium threat in terms of its distribution, but in terms of the damage it can create, it's a more severe threat," said Art Gilliland, vice president of products for IMlogic. "It's not a very happy delivery," he added.
This is just one more reason for companies to block Public IM communications and move to Live Communications Server 2005 with PIC and IMLogic/Sybari for their RTC needs.
Read more at source and thanks to bink.nu for pointing to the info.
Tuesday, December 20, 2005
IMF Updates explained
Alexander at EHLO has posted a very good description of how to enable automatic updates of IMF v2 and the functionality of IMF updates.
- IMF updates are twice per month
- IMF updates are only supported on Exchange 2003 Servers with SP2 where IMF is enabled
- IMF updates are supported on all Exchange server languages
- IMF updates are available from Microsoft Update via both manual and AU
- IMF updates support uninstall through Add/Remove Programs and manual rollback
Find it here
Friday, December 16, 2005
Microsoft Command Shell "Monad" Videos
Monad - or msh as the exe is called - is still in the works. Currently, it is in public beta 2 (September 2005). You can get a version for .Net Framework 2 RC/RTM at MS Downloads. Click this link to search for your version.
If you want to get a little deeper into this, look at the Channel 9 videos on Monad. They feature Jeffrey Snover, are short and useful.
Getting Started documentation is available here.
Monad can do in a few commands the same stuff that takes many lines of VBScript (or similar) - it will hit you some day!
Being an old (Open)VMS user, I really like the nice words he uses about its DCL. Even though it can be better, it is very good owing to its consistent syntax, error handling and lots of other features. Man, I spent a lot of time using that...
Thursday, December 15, 2005
Exchange DirectPush notifications to WM5 may be delayed / stopped
Several sources, including msmobiles, report that a company called Visto has filed a lawsuit against Microsoft for infringing three of their patents.
(Redwood Shores, CA, December 15, 2005) - Visto Corporation has filed a legal action against Microsoft (NASDAQ: MSFT) for misappropriating Visto’s intellectual property. The complaint asserts that Microsoft has infringed upon multiple patents Visto holds regarding proprietary technology that provides enterprises and consumers with mobile access to their email and other data. The company is seeking a permanent injunction that would prohibit Microsoft from misappropriating the technology that Visto and its cofounder helped develop nearly a decade ago.
Read Visto's press release here.
Wednesday, December 14, 2005
Microsoft Office Communicator Web Access has been released
"OWA" for Live Communications Server 2005 SP1 has been released to the web. It's an interesting product that supports, for example, external users and those whose platforms aren't supported by Office Communicator (e.g. Windows 2000), and it contains the following features -
- Web access – Users can access the IM and presence features in Live Communications Server 2005 SP1 through any supported Web browser.
- Presence – Communicator Web Access users can determine the status of other SIP users and update their own presence information.
- Personal notes – A user can publish a personal note that is displayed along with the user’s presence information.
- Extensive contact management – Users can add contacts to a contact list, tag contacts to be notified when those contacts’ presence status changes, and organize listed contacts into groups.
- Federation – When federation is enabled in Microsoft Office Live Communications Server 2005 with SP1, Communicator Web Access users can view the presence of users in external organizations and send instant messages to those users.
- Multiple browser and operating system support – Users with Windows-based and non-Windows-based browsers and operating systems can use Communicator Web Access.
- User search – The Communicator Web Access server connects to the Microsoft Active Directory® directory service. Unlike Communicator, however, Communicator Web Access does not query the Live Communications Server Address Book.
Tuesday, December 13, 2005
Circumventing Group Policy as a Limited User
Just a warning :)
Read it all at Mark's Sysinternals blog. As always, you have to be impressed by Mark.
Wednesday, November 30, 2005
New RTC blog by the RTC product team
We've heard loud and clear that many people want a better connection with the RTC product team. We're excited to do something about it. The primary goal of this blog is to establish two way communication between the product team and our customers and partners. We will also use this blog as an educational channel to provide additional product information.
Find the blog here or the RSS feed here
Sunday, November 20, 2005
Microsoft ActiveSync 4.1 has been released - updated for clarity
Most notably it will support devices running the upcoming Messaging and Security Feature Pack (MSFP a.k.a. AKU2) with the following feature enhancements (From MSFP) supported in Microsoft ActiveSync -
- DirectPush Mail
- Local device wipe
- Certificate-based authentication
Btw. besides the integration to MSFP there also are a few new features to ActiveSync 4.1 -
- New partnership wizard to help customers more easily setup a sync partnership
- Faster transfer of data files including media
- Ability to sync photos assigned to contacts from Outlook on the desktop
Friday, November 18, 2005
LCS 2005 - why NLB is not recommended
As I wrote a couple of days ago in LCS and Network Load Balancing, software-based Load Balancing isn't recommended for anything other than test environments.
Well it turns out that the LCS Kid has a post on the subject named LCS 2005 - Reasons why NLB is not recommended but instead a Hardware Load Balancer that contains even more reasons to avoid NLB.