Exchange 2010 SP 2 – a breeze compared to SP1

When I heard about SP2 – I was worried that I would have to do a lot before I could even think about upgrading. This SP was a bit more routine…

We had a few users report some oddities – like duplicate sent emails or duplicate shared contacts – but those may not have had anything to do with the upgrade.

Call me relieved…

Exchange 2010 SP 1 Update Rollup 4 fixed (one of) my problem(s)!

I was finishing up the process of migrating from Exchange 2007 to Exchange 2010 – mainly trying to get Public Folders to replicate, and while I was troubleshooting and making some minor changes, I rebooted the server and all of a sudden I was having issues with EMC and EMS. Everything else seemed to be working fine.
When I opened EMC I saw a pop-up that read “MMC has detected an error in a snap-in and will unload it.” Whereupon I had two options – one of which was Unload the snap-in and continue running. After selecting that option I got an error popup that had a title of “Unhandled Exception in Managed Code Snap-in.” Then a string that began with FX: and then a statement “Directory ‘root’ does not exist Parameter name: root” and then a bunch of exceptions.
I thought – no problem – the GUI is dead – PowerShell will save the day – well maybe not…
When I opened EMS I saw all sorts of errors like the following:
Exception calling “TryLoadExchangeTypes” with “2” argument(s): “Directory ‘root’ does not exist
Parameter name: root”
At %Exchange install path%\bin\RemoteExchange.ps1:75 char:92
+ $typeLoadResult = [Microsoft.Exchange.Configuration.Tasks.TaskHelper]::TryLoadExchangeTypes <<<< ($ManagementPath, $t
    + CategoryInfo          : NotSpecified: (:) [], MethodInvocationException
    + FullyQualifiedErrorId : DotNetMethodException
The Exchange types file wasn’t loaded because not all of the required files could be found.
Update-TypeData : The following error occurred while loading the extended type data file:
Microsoft.PowerShell, %Exchange install path%\bin\Exchange.partial.Types.ps1xml(80) : Error in type “Deserialized.Microsoft.Exchang
e.Management.SystemConfigurationTasks.ExchangeCertificate”: Cannot convert note “TargetTypeForDeserialization”:”Cannot
convert the “Microsoft.Exchange.Management.SystemConfigurationTasks.ExchangeCertificate” value of type “System.String”
to type “System.Type”.”.
At %Exchange install path%\bin\RemoteExchange.ps1:104 char:16
+ Update-TypeData <<<<  -PrependPath $partialTypeFile
    + CategoryInfo          : InvalidOperation: (:) [Update-TypeData], RuntimeException
    + FullyQualifiedErrorId : TypesXmlUpdateException,Microsoft.PowerShell.Commands.UpdateTypeDataCommand
And I could do nothing – nothing at all! Logging on to another profile, installing the tools on another machine – none of that worked. Installing a MBX server on another box did finally give me some visibility but I didn’t really want to introduce another migration into the mix – especially since I was concerned there might be deeper issues.
I looked high and low for any of this on the Internet – and couldn’t find anything. I went through all of the PowerShell commands referenced, and any of the files I could find that I remotely thought might be referenced. And I still couldn’t find anything.
So I decided to call Microsoft Support –  I spent  several days on the phone with them, and went through many things I had come across and had rejected as not applying – nothing seemed to work, and worse – the one suggestion I got to remove the Exchange Server from AD and then re-add it, killed everything – the server hung on restart.  I hate to say it but Microsoft Support sucks badly – at least at the lower levels. The guys did try hard – and if you read this I don’t blame you, I blame the system.
We were able to get it up and running in safe mode – disabled all the automatic Exchange services, rebooted, and then enabled and restarted the services. When the Exchange MS support guy saw a netlogon error, he turned me over to an AD guy – who found a null value in HKLM/Sys/CCS/services/lanmanserver/parameter in the Null SessionPipes key – apparently there is an internal doc on that problem – the values he added were NETLOGON, LSARPC, BROWSER, SAMR.
That got me back to my EMC and EMS problem – oh boy!
Then my boss forwarded an email late yesterday he had about someone having problems with Exchange 2010 SP 1 Update Rollup 4 – and I thought – that must be a typo – I hadn’t seen anything about Rollup 4, I had Rollup 3 which was the latest available when I built the box. I thought – surely MS support would have suggested it….  riiiiight.
So I decided to go look – Microsoft Update didn’t find it, so I did a search, found the download and ran the install. Be warned – it doesn’t run quickly. When I saw that it was extracting .net related changes – I had some hope that it would fix the problem – and sure enough it did – without a reboot (but it does stop and start all the Exchange services).
Now back to my original public folder problems….

Exchange 2010 SP1 Checklist

I compiled this list in anticipation of doing an Exchange 2010 SP1 upgrade.
Preliminary considerations:
·      General Checks
o   Ensure one of your domains is marked as default
§  Get-AcceptedDomain | fl
o   Ensure that domains do not have a space in the name
o   If servers were deployed from some sort of golden master and sysprep did not work (or wasn’t used), use Sysinternals psgetsid.exe to check the SIDs for your DC and Exchange servers and ensure they do not match.
·      Download all files to local disk(s) or fast connected network shares
·      The functional level of the forest needs to be at least Windows Server 2003
·      While it isn’t explicitly necessary the Exchange 2003 environment should be completely removed and functionality tested before the SP1 install. See
·      If you haven’t yet prepared the schema for Exchange 2010 SP1, the account you use to upgrade the server must be a member of the Schema Admins group and the Enterprise Admins group and you need to update the schema before installing the upgrade. See
o   setup /PrepareAD
·      Minimum Blackberry Enterprise Server level is 5.0.2 which should be upgraded before the Exchange 2010 SP1 upgrade
o   Verify Throttling Policy and RCA parameters for BESAdmin
o   Increase maximum connections to Address Book Service (after SP1??)
o   Review details at
·      You can only install on computers running Windows Server 2008 SP2 or Windows Server 2008 R2
o   There are specific hotfixes that must be installed before SP1 – depending on the OS ( see and for which of the below must be installed on which box) – Note: Windows 2008 R2 SP1 includes all the required hotfixes
§  979744
§  983440
§  977624
§  979917
§  973136
§  977592
§  979099
§  982867
§  977020
o   There is no reason why these patches couldn’t be applied before the actual SP1 install outage
·      The account used for the update must be a member of the Delegated Setup management role group or the Organization Management role group and must be a member of the local Administrators group on that computer
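The hotfix and account prerequisites above can be checked on each server before the outage window. This is an added example, not part of the original checklist or of Microsoft's tooling; it assumes PowerShell 2.0 in an elevated session on the server to be upgraded, and `Test-Member` is a hypothetical helper name.

```powershell
# Added example (not from the original post): SP1 pre-flight check.
# Assumes PowerShell 2.0, run elevated on the server being upgraded.

# KB numbers copied from the checklist. Which ones apply depends on the OS,
# so MISSING means "compare against the prerequisite docs", not "install it".
$kbList = '979744','983440','977624','979917','973136','977592','979099','982867','977020'

$os = Get-WmiObject -Class Win32_OperatingSystem
Write-Host ("OS: {0}, version {1}, SP {2}" -f $os.Caption, $os.Version, $os.ServicePackMajorVersion)

# Per the checklist, Windows 2008 R2 (6.1) with SP1 includes every hotfix.
if (($os.Version -like '6.1.*') -and ($os.ServicePackMajorVersion -ge 1)) {
    Write-Host 'Hotfixes: covered by Windows 2008 R2 SP1'
} else {
    $installed = @(Get-HotFix | ForEach-Object { $_.HotFixID })
    foreach ($kb in $kbList) {
        $state = if ($installed -contains "KB$kb") { 'installed' } else { 'MISSING' }
        Write-Host ("KB{0}: {1}" -f $kb, $state)
    }
}

# Group membership of the account running the upgrade. A non-elevated (UAC
# filtered) token hides privileged groups, which is why elevation is assumed.
$id = [Security.Principal.WindowsIdentity]::GetCurrent()
$principal = New-Object Security.Principal.WindowsPrincipal($id)
$localAdmin = $principal.IsInRole([Security.Principal.WindowsBuiltInRole]::Administrator)
Write-Host ("Local Administrators: {0}" -f $localAdmin)

# Resolve the token's group SIDs to names; unresolvable SIDs are skipped.
$groups = @($id.Groups | ForEach-Object {
    try { $_.Translate([Security.Principal.NTAccount]).Value } catch { }
})

function Test-Member([string]$name) {
    # Hypothetical helper: matches DOMAIN\<name> using the checklist's names.
    return [bool]($groups | Where-Object { $_ -like "*\$name" })
}

# Schema Admins and Enterprise Admins matter only if the schema still needs
# preparing; the setup account needs one of the two Exchange role groups.
foreach ($g in 'Schema Admins','Enterprise Admins','Organization Management','Delegated Setup') {
    Write-Host ("{0}: {1}" -f $g, (Test-Member $g))
}
```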
Actual Install
·      You should upgrade your Exchange 2010 in the following order:
o   Client Access / Hub Transport Servers
§  If you use a load-balanced array of Client Access servers, you must upgrade all Client Access servers in that array to Exchange 2010 SP1 at the same time. Exchange 2010 RTM and Exchange 2010 SP1 can’t coexist within the same load balanced array.
o   Unified Messaging
§  Simple checklist below
·      Disable call answering on the UM server
o   Disable unified messaging
o   Remove UM Server from a Dial Plan
·      Ensure prerequisites are met (see doc)
·      Remove E2k10 UM language packs
·      Run e2k10 sp1
·      Re-add any required language packs
·       Add the UM server to a UM dial plan
o   Mailbox Servers
§  Upgrade DAG – details are here:
·      Quick overview is:
o   Upgrade only passive servers
o   Place server in maintenance mode
o   Stop any processes that might interfere with the upgrade
o   Verify the DAG is healthy
o   Be aware of other implications of the upgrade
§  (Basically you can’t failover a SP1 member to a RTM member)
·      When the installation is finished, complete the following tasks
·      Start the Services MMC snap-in, and then verify that all the Exchange-related services are started successfully.
·      Log on to Outlook Web App to verify that it’s running correctly.
·      Send test emails internally and externally
o   Test using MS tool @
·      Test from a variety of clients (Outlook, Mobile / Blackberry, etc)
·      Verify UM integrations are working
·      Check Queues to make sure mail is routing properly
·      Test posting to public folders, GAL update, etc
Other items to consider:
·      A longer potential window for the upgrade would be better – these installs can take longer than expected and this is not a minor update – better to say it will take 8 hours and only use 4 than the other way around.
·      A static Address Book Service Port may cause issues – see
·      .NET 4 may or may not cause issues
·      There are a variety of bugs and problems documented here:
o   You should consider also applying the Update Rollups  (1, 2 and 3) which fix some of these bugs – (for example)
·      There could be phone integration issues – I am not familiar with all phone systems so each system should be investigated to check for  any known issues with Exchange 2010 SP1
·      Install the Office 2010 Filter Packs if they aren’t already installed
Document References:

Decommissioning Old 2003 Domain Controllers

Recently I had to help move some services off of a few old 2003 domain controllers. I compiled the following list to help me remember all of the things I needed to check.
Moving NTP
·      Old DC
o   w32tm /config /syncfromflags:domhier /reliable:no /update
o   net stop w32time && net start w32time
·      New DC
o   w32tm /config /manualpeerlist:<NTP peer list> /syncfromflags:manual /reliable:yes /update
o   net stop w32time && net start w32time
Moving DHCP
o   Export from 2003
§  netsh
§  dhcp
§  server \\<Name or IP Address>
§  export c:\w2k3DHCPdb all
o   Import to 2008
§  Copy the exported DHCP database file to the local hard disk of the Windows Server 2008-based computer.
§  Install the DHCP Role on the server.
§  net stop DHCPserver
§  Delete the DHCP.mdb file under the c:\windows\system32\DHCP folder.
§  Start the DHCP server service.
§  netsh
§  dhcp
§  server \\<Name or IP Address>
§  import c:\w2k3DHCPdb all
§  Restart DHCP and verify the database has moved over properly.
·      Open Active Directory Sites and Services.
o   expand the Sites container
o   expand the site of the domain controller you want to check
o   expand the Servers container
o    expand the Server object.
§  Right-click the NTDS Settings object, and then click Properties
§  On the General tab, if the Global Catalog box is selected, the domain controller is designated as a global catalog server.
·      netdiag /test:dns /v   (2003)
·      move DNS – point all servers to one primary DNS
·      netdiag /test:dsgetdc /v   (2003)
·      nltest /dclist:
·      dcdiag /s:domaincontroller /test:knowsofroleholders /verbose
·      dcdiag /s:domaincontroller /test:fsmocheck
·      If the domain controller hosts encrypted documents, perform the following procedure before you remove Active Directory to ensure that the encrypted files can be recovered after Active Directory is removed: Export a certificate with the private key
·      dcpromo
·      If the domain controller hosts encrypted documents and you backed up the certificate and private key before you removed Active Directory, perform the following procedure to re-import the certificate to the server: Import a certificate
·      Open Active Directory Sites and Services.
·      Expand the Sites container and expand the site of the Server object.
·      Expand the Servers container, and then expand the Server object to view any Child objects
·      Open Active Directory Sites and Services.
·      Expand the Sites container, and then expand the site from which you want to delete a Server object.
·      If no Child objects appear below the Server object, right-click the Server object, and then click Delete.

McAfee Windows Kill Fix

**updated again**

Been hit by the McAfee issue?

Yes? No guarantees but the following methods have worked for us:

First try the local cached file option:

* Click start / run / type in cmd
* Click OK

On the command line:
a. copy c:\windows\ServicePackFiles\i386\svchost.exe c:\windows\system32
b. hit /enter/
c. net start “windows installer”
d. hit /enter/

Find someone with the same working version and service pack of Windows – copy the svchost.exe file from their Windows\System32 folder to a USB stick

Then to copy it to the affected system you may have to use the command prompt

Where ‘u:’ equals the usb drive letter

* Click start / run / type in cmd
* Click OK

On the command line:
a. copy u:\svchost.exe c:\windows\system32
b. hit /enter/
c. net start “windows installer”
d. hit /enter/

—off the command line—-

Go to control panel and add remove programs
Uninstall McAfee
Reboot if prompted

Windows won’t boot?

Go here for helpful directions and options

Not affected? Just say no to McAfee anyway – uninstall it and switch to Microsoft Security Essentials

*Written on a Mac*
*I don’t own any shares in or work for any of the companies mentioned*

RSS: Make Your Desktop Come Alive with GeekTool

If you are running a Mac and you monitor anything at all – you *need* to get Geek Tool, this is a helpful article on it…

Make Your Desktop Come Alive with GeekTool

GeekTool is a really neat preference panel that allows widget-like functionality on a highly customizable level.

Unfortunately, if you aren’t particularly geeky, this app can be a bit confusing to get up and running. Luckily enough, here at AppStorm there’s definitely no shortage of geeks such as myself to help you out! I’ll take you step by step through finding and installing scripts to make your desktop the envy of the office.

Read more at Make Your Desktop Come Alive with GeekTool

Don’t change your password – learn what you are doing, or get off of your computer

This article is about those “irritating security measures” which “are a waste of time.”

It really isn’t saying anything new; the problem is complexity and systems not designed to be secure. People do not update their computers and click on things without thinking.

Changing a password frequently won’t cure the problem; however, the way some will take the advice is what troubles me. Like people who refuse to have their kids immunized because they have never seen anyone get the disease the immunization is for.

Merely doing a crude cost analysis (it costs me ‘x’ hours to be secure) misses the point – because people are ignorant – they waste more time than they would save by not changing passwords. If they actually took time to learn what to do, they could be more productive overall and maybe fewer systems would be burdened by their bad decision, increasing everyone’s productivity.

Best review so far on the iPad

After playing around a bit with my iPad that showed up on Saturday, I read the following review which I found to be the best quick and even-handed look at it.

“In the end, you have to try it for yourself. The world is full of people who formed fierce opinions about the iPad not only before they’d used one but before they knew anything for sure about it. But this gizmo is something new. And if you think you can come to any conclusions about it by thinking of it as either a giant iPhone or a netbook with the keyboard chopped off, you’re wrong.”

Read the link for more