
My New Blog

Hey Guys,

I am moving this blog onto my new address

http://hanygeorge.com/BLOG

Regex Tools

These are some tools that could get you started with regex. They also include testers for your regexes.

RegExr Desktop

Free RegEx Tool for MacOSX, Windows, and Linux

RegExr Desktop is a tool for learning, editing, and testing regular expressions

http://gskinner.com/RegExr/desktop/

 

For Testing your regexes

http://regexpal.com/

http://regexhero.net/tester/

If you ever want to export / import a mailbox use the below

1- You need to set a role assignment to the user

New-ManagementRoleAssignment -Role "Mailbox Import Export" -User AD\Administrator

2- To Export Run the following command

New-MailboxExportRequest -Mailbox "SourceMailbox" -IncludeFolders "Namethefolder" -FilePath \\servername\c$\mailboxexport.pst

3- To import run the following command

New-MailboxImportRequest -Mailbox "NewRoomMailbox" -IncludeFolders "namethefolder" -FilePath \\servername\c$\mailboxexport.pst

 

For example, the commands below copy calendar items from one mailbox to the other: export from the old mailbox first, then import the PST into the new one

New-MailboxExportRequest -Mailbox "OLDRoomMailbox" -IncludeFolders "#Calendar#" -FilePath \\servername\c$\meetingroomcalendat.pst

New-MailboxImportRequest -Mailbox "NEWRoomMailbox" -IncludeFolders "#Calendar#" -FilePath \\servername\c$\meetingroomcalendat.pst
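
The role from step 1 lets its holder copy any mailbox to a PST, so it is worth holding only for the length of the job. The script below is an added example, not part of the original post: it runs the calendar copy, waits for both requests, then removes the requests, the PST and the direct role assignment. The batch name is a placeholder introduced here.

```powershell
# Added example. Run in the Exchange Management Shell as the account that was
# given the role in step 1. Mailbox and share names are the post's placeholders.
$role  = 'Mailbox Import Export'
$user  = 'AD\Administrator'
$pst   = '\\servername\c$\meetingroomcalendat.pst'
$batch = 'RoomCalendarCopy'   # hypothetical label, used to find these requests again

function Wait-Batch {
    param([string]$Kind)      # 'Export' or 'Import'
    $get = "Get-Mailbox${Kind}Request"
    # Poll until nothing in the batch is still queued or running.
    while (& $get -BatchName $batch |
           Where-Object { "$($_.Status)" -match '^(Queued|InProgress)$' }) {
        Start-Sleep -Seconds 15
    }
    # Anything other than Completed (Failed, CompletedWithWarning, ...) stops the run.
    $bad = @(& $get -BatchName $batch | Where-Object { "$($_.Status)" -ne 'Completed' })
    if ($bad.Count -gt 0) {
        throw "$Kind request ended as '$($bad[0].Status)'; PST and role left in place."
    }
}

New-MailboxExportRequest -Mailbox 'OLDRoomMailbox' -IncludeFolders '#Calendar#' `
    -FilePath $pst -BatchName $batch
Wait-Batch Export

New-MailboxImportRequest -Mailbox 'NEWRoomMailbox' -IncludeFolders '#Calendar#' `
    -FilePath $pst -BatchName $batch
Wait-Batch Import

# Clean up: finished requests stay listed until removed, and the PST is a
# plain, unencrypted copy of the mailbox data.
Get-MailboxExportRequest -BatchName $batch | Remove-MailboxExportRequest -Confirm:$false
Get-MailboxImportRequest -BatchName $batch | Remove-MailboxImportRequest -Confirm:$false
Remove-Item -Path $pst

# Drop only the direct assignment from step 1, then list who still has the role.
Get-ManagementRoleAssignment -Role $role -RoleAssignee $user -AssignmentMethod Direct |
    Remove-ManagementRoleAssignment -Confirm:$false
Get-ManagementRoleAssignment -Role $role -GetEffectiveUsers |
    Format-Table Name, EffectiveUserName -AutoSize
```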

When installing Lync you will need the following for the roles

FrontEnd

 

For Server 2012:

PS C:\> Import-Module ServerManager
PS C:\> Add-WindowsFeature Web-Server, Web-Static-Content, Web-Default-Doc, Web-Scripting-Tools, Web-Windows-Auth, Web-Asp-Net, Web-Log-Libraries, Web-Http-Tracing, Web-Stat-Compression, Web-Default-Doc, Web-ISAPI-Ext, Web-ISAPI-Filter, Web-Http-Errors, Web-Http-Logging, Web-Net-Ext, Web-Client-Auth, Web-Filtering, Web-Mgmt-Console, Web-Asp-Net45, Web-Net-Ext45, Web-Dyn-Compression, Web-Mgmt-Console, Desktop-Experience

For Server 2008 R2 SP1:

PS C:\> Import-Module ServerManager
PS C:\> Add-WindowsFeature Web-Server, Web-Static-Content, Web-Default-Doc, Web-Scripting-Tools, Web-Windows-Auth, Web-Asp-Net, Web-Log-Libraries, Web-Http-Tracing, Web-Stat-Compression, Web-Default-Doc, Web-ISAPI-Ext, Web-ISAPI-Filter, Web-Http-Errors, Web-Http-Logging, Web-Net-Ext, Web-Client-Auth, Web-Filtering, Web-Mgmt-Console, Web-Dyn-Compression, Web-Mgmt-Console, Desktop-Experience

 

In addition to the above you will need

1- Windows Identity Foundation from here

2- .NET Framework 4.5 from here

3- PowerShell 3.0 from Here

 

Office Web Apps

 

For Windows 2008 R2, run:

Import-Module ServerManager

Add-WindowsFeature Web-Server,Web-WebServer,Web-Common-Http,Web-Static-Content,Web-App-Dev,Web-Asp-Net,Web-Net-Ext,Web-ISAPI-Ext,Web-ISAPI-Filter,Web-Includes,Web-Security,Web-Windows-Auth,Web-Filtering,Web-Stat-Compression,Web-Dyn-Compression,Web-Mgmt-Console,Ink-Handwriting,IH-Ink-Support

For Windows 2012, run:

Import-Module ServerManager

Add-WindowsFeature Web-Server,Web-Mgmt-Tools,Web-Mgmt-Console,Web-WebServer,Web-Common-Http,Web-Default-Doc,Web-Static-Content,Web-Performance,Web-Stat-Compression,Web-Dyn-Compression,Web-Security,Web-Filtering,Web-Windows-Auth,Web-App-Dev,Web-Net-Ext45,Web-Asp-Net45,Web-ISAPI-Ext,Web-ISAPI-Filter,Web-Includes,InkandHandwritingServices,NET-Framework-Features, NET-Framework-Core, NET-HTTP-Activation, NET-Non-HTTP-Activ, NET-WCF-HTTP-Activation45

 

In addition you will need the below

1- Office Web Apps Server from here

2- .NET Framework 4.5 from here

3- PowerShell 3.0 from Here

4- KB2592525 from here

 

AD FS 2.0 Unhandled Exception

At a client site, after deploying AD FS 2.0 for SSO with Office 365, whenever I tried logging in to the Office 365 Portal, I got redirected to the FS Proxy forms-based page and it would show an Unhandled Exception along with a Correlation ID.

Now, in order to see what really happened, you will need to navigate to the Event Viewer –> Applications –> AD FS Admin and in the view pane just add the Correlation ID tab.

In most cases the error you will be getting is like below

Encountered error during federation passive request.

Additional Data

Exception details:
System.ServiceModel.Security.MessageSecurityException: An unsecured or incorrectly secured fault was received from the other party. See the inner FaultException for the fault code and detail. ---> System.ServiceModel.FaultException: An error occurred when verifying security for the message.
   --- End of inner exception stack trace ---

Server stack trace:
   at System.ServiceModel.Channels.SecurityChannelFactory`1.SecurityRequestChannel.ProcessReply(Message reply, SecurityProtocolCorrelationState correlationState, TimeSpan timeout)
   at System.ServiceModel.Channels.SecurityChannelFactory`1.SecurityRequestChannel.Request(Message message, TimeSpan timeout)
   at System.ServiceModel.Dispatcher.RequestChannelBinder.Request(Message message, TimeSpan timeout)
   at System.ServiceModel.Channels.ServiceChannel.Call(String action, Boolean oneway, ProxyOperationRuntime operation, Object[] ins, Object[] outs, TimeSpan timeout)
   at System.ServiceModel.Channels.ServiceChannelProxy.InvokeService(IMethodCallMessage methodCall, ProxyOperationRuntime operation)
   at System.ServiceModel.Channels.ServiceChannelProxy.Invoke(IMessage message)

Exception rethrown at [0]:
   at System.Runtime.Remoting.Proxies.RealProxy.HandleReturnMessage(IMessage reqMsg, IMessage retMsg)
   at System.Runtime.Remoting.Proxies.RealProxy.PrivateInvoke(MessageData& msgData, Int32 type)
   at Microsoft.IdentityServer.Protocols.PolicyStore.IPolicyStoreReadOnlyTransfer.GetState(String serviceObjectType, String mask, FilterData filter, Int32 clientVersionNumber)
   at Microsoft.IdentityServer.PolicyModel.Client.PolicyStoreReadOnlyTransferClient.GetState(String serviceObjectType, String mask, FilterData filter, Int32 clientVersionNumber)
   at Microsoft.IdentityServer.ProxyConfiguration.ProxyConfigurationReader.FetchServiceSettingsData()
   at Microsoft.IdentityServer.ProxyConfiguration.ProxyConfigurationReader.GetServiceSettingsData()
   at Microsoft.IdentityServer.ProxyConfiguration.ProxyConfigurationReader.GetFederationPassiveConfiguration()
   at Microsoft.IdentityServer.Web.PassivePolicyManager.GetPassiveEndpointAbsolutePath()
   at Microsoft.IdentityServer.Web.FederationPassiveAuthentication.GetPassiveEndpointAbsolutePath()

System.ServiceModel.FaultException: An error occurred when verifying security for the message.

 

Now this is normally caused by one of the two reasons below

1- The AD FS server identifier URL has been changed to https while still using the same URL extension, adfs/services/trust. This triggers a bug in AD FS, so the solution is either to change the HTTPS back to HTTP or to change the extension. You can't have both.

This bug is documented here http://social.technet.microsoft.com/wiki/contents/articles/1670.ad-fs-2-0-federation-server-proxy-servers-fail-to-authenticate-users-events-248-and-996-logged.aspx 

 

2- This is not very well documented and was my problem: it was the TIME. I had not joined the proxy servers to the domain, but the federation servers were indeed joined, so there was a time skew between both.

So I made sure that the proxy servers would always sync the time from the domain controller holding the PDC.

Fixing this fixed the problem.

So if you have the same, make sure that you check the above 2.
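
A way to check the second cause before it turns into sign-in failures, as an added example that is not part of the original post: it measures each proxy's clock offset against the time source with w32tm and pins the source if the offset is too large. The host name and the 60-second threshold are assumptions made for this example.

```powershell
# Added example. Run on each AD FS proxy (workgroup machine).
$timeSource = 'dc01.ad.example.com'   # placeholder for the DC holding the PDC
$maxSkew    = 60                      # assumed alert threshold in seconds; WCF
                                      # message security allows 5 minutes by default

function Get-TimeOffsetSeconds {
    param([string[]]$StripchartOutput)
    # /dataonly sample lines look like "14:02:11, +12.3456789s";
    # failed samples read "14:02:11, error: 0x800705B4" and are skipped.
    $samples = @(foreach ($line in $StripchartOutput) {
        if ($line -match ',\s*([+-]\d+\.\d+)s\s*$') {
            [double]::Parse($Matches[1], [Globalization.CultureInfo]::InvariantCulture)
        }
    })
    if ($samples.Count -eq 0) { throw "No time samples from $timeSource (check UDP 123)." }
    ($samples | Measure-Object -Average).Average
}

function Measure-Skew {
    Get-TimeOffsetSeconds (w32tm /stripchart "/computer:$timeSource" /samples:3 /dataonly)
}

$offset = Measure-Skew
'{0}: offset from {1} is {2:N3} s' -f $env:COMPUTERNAME, $timeSource, $offset

if ([math]::Abs($offset) -gt $maxSkew) {
    # Machines outside the domain do not follow the domain time hierarchy,
    # so the source has to be named explicitly.
    w32tm /config "/manualpeerlist:$timeSource" /syncfromflags:manual /update
    w32tm /resync

    $offset = Measure-Skew
    if ([math]::Abs($offset) -gt $maxSkew) {
        throw ('Still {0:N3} s off after resync; check the Windows Time service.' -f $offset)
    }
    'Clock corrected; offset is now {0:N3} s' -f $offset
}
```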

Sometimes you can face the issue of getting the error below when you submit a certificate request

“asn1 bad tag value met”


The Solution is simple, do the below

1- Open Up the request in notepad

2- Select File –> Save As

3- Choose ANSI instead of UNICODE


Resubmit the request and you should be issued the certificate.

Several of my clients always face an issue when they want to renew the Exchange certificate from their internal CA which doesn’t have the Web Enrollment installed and configured.

When they try to issue the certificate from the GUI they get the below issue

Denied By Policy Module 0x80094801, The Request does not contain a certificate template extension or the certificate template request attribute.


Now the solution is very easy: once you get hold of the .req file, you need to copy it over to your CA server and run the command below

certreq -submit -attrib "CertificateTemplate:WebServer" <Cert Request.req>

Then you will be issued the certificate given you have proper permissions.
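
Both request problems above (the "asn1 bad tag value met" error from a Unicode-saved file, and the missing template attribute) can be handled in one pass on the CA server. This is an added example, not part of the original posts; the file path is a placeholder.

```powershell
# Added example. Run on the CA server.
$req = 'C:\Temp\exchange.req'   # placeholder path to the copied request file

function Get-RequestEncoding {
    param([string]$Path)
    $b = [System.IO.File]::ReadAllBytes($Path)
    if ($b.Length -lt 2)                    { return 'Empty' }
    if ($b[0] -eq 0xFF -and $b[1] -eq 0xFE) { return 'UTF-16LE' }  # Notepad "Unicode", with BOM
    if ($b[1] -eq 0x00)                     { return 'UTF-16LE' }  # two-byte characters, no BOM
    if ($b[0] -eq 0x30)                     { return 'DER' }       # binary PKCS#10, leave as is
    return 'ANSI'
}

$enc = Get-RequestEncoding $req
if ($enc -eq 'Empty') { throw "$req is empty." }

if ($enc -eq 'UTF-16LE') {
    # Same effect as Notepad's Save As > ANSI: the base64 text is pure ASCII,
    # so re-encoding loses nothing. The original file is kept untouched.
    $text = [System.IO.File]::ReadAllText($req, [System.Text.Encoding]::Unicode)
    $req  = [System.IO.Path]::ChangeExtension($req, '.ansi.req')
    [System.IO.File]::WriteAllText($req, $text, [System.Text.Encoding]::ASCII)
}

# Confirm the file parses as a request before sending it to the CA.
certutil -dump $req | Out-Null
if ($LASTEXITCODE -ne 0) { throw "certutil cannot parse $req (detected encoding: $enc)." }

# The template attribute is what the policy module reported as missing (0x80094801).
certreq -submit -attrib 'CertificateTemplate:WebServer' $req ($req + '.cer')
```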

The OCS & Lync Sign-In Troubleshooter helps diagnose Microsoft Office Communicator and Lync client sign-in issues.


Can be found here

http://www.insideocs.com/Tools/MOCLogin.htm or from my BOX

To determine the Rollup that has been applied to Microsoft Exchange 2010, run the following command in the Exchange Management Shell:

GCM exsetup |%{$_.Fileversioninfo}

To determine the Microsoft Exchange version for all Microsoft Exchange Servers in the organisation:

Get-ExchangeServer | Format-Table Name, *Version*

Most companies don’t keep a unified E.164 structure for users' numbers in Active Directory. This of course causes Lync not to display the numbers for users, like below

Hany Nasr George (Available) hany_george@idc.it

Now there is a way to fix that, all you need to do is create a file called

Company_Phone_Number_Normalization_Rules.txt

and place it in the file store defined in your topology, under the ABFiles folder in the 1-WebServices-1 folder, so it should look like this

\\FileStoreServer\LyncShare\1-WebServices-1\ABFiles

Now after you create the file, you should fill it with the normalization rules as below

norm

After doing this, you will see as below

image