Exchange 2007-2010: Brief Overview of Changes

 

Exchange 2007

– Routing groups are tied with Active Directory sites and services

– Replication is done using Active Directory replicattion

– Bridgehead server role was eliminated and replaced with the Hub Transport seerver

– Outlook Web Access (OWA) was dramatically improved to similar to 32-bit version of Outlook

– Direct file access (Access shares on servers through OWA)

– OWA provides access to mailbox rules, out-of-office rules, provisioning of Mobile devices, access to digital rights managed content

– LCR – two databases replicated on separate drives on the same server

– CCR – users mailbox replication across servers and sites (fail-over and fail-back capabilities)

 

Exchange 2007 SP1

– Public folders available in OWA

– Standby Continuous Replication (SCR) allowed for offsite, over-the-wan replication of databases with 20 minute replication delays.

– Geo-cluster is possible for remote CCR

 

Exchange 2010

– Server Licensing

– Standard supports 5 database stores

– Enterprise supports up to 150 stores

– User Licensing (non-relating/exclusive to server licensing)

– Enterprise license provides unified messaging, per-user journaling for compliance support, and use of Exchange Server hosted services for message filtering

– No more Recovery Storage Groups (RSG)

– No more STM databases

– OWA enhanced features available to other browsers

– Database Availability Group (DAG, Basically CCR, No more LCR, CCR, SCR)

– Remote execution of EMS commands

Troubleshooting/Debugging BSOD errors

What happens when you get a Blue Screen of Death (BSOD)?  I’m sure almost everyone just says something like “____ Microsoft!”  Unfortunately, most of the time, you would just be using Microsoft as a scape goat.  Why?  According to Microsoft and other gurus, about 70-80% of crashes are caused by 3rd party drivers.  Yep, all those great toys you have hooked up to your computer and the software that control them are most likely responsible.

I have probably just blown your mind or you are probably full of skeptism.  Hopefully these debugging techniques can make you a believer….

Step 1:  Disable auto-reboot on a crash

Step 2:  Create a memory dump versus a Mini crash dump..  This will allow you to get more information from the dumps.

Step3:  Install Windows Debugger tools

Step4:  Set environment variable to automatically download symbols from the Microsoft symbol servers (WinDBG->Source Symbol Path->”srv*C:symbols*http://msdl.microsoft.com/download/symbols”)

Step5: Open the crash dump file located in C:Windows or C:Windowsminidump

Step6: Run “analyze -v” to get list of drivers in the stack text.  If the driver points to one of the Windows core system files (ntoskrnl.exe, win2k32.sys, etc), then you probably have to dig a little deeper.

Step7: Additional helpful debug commands to run to find the culprit

kv – Looks at stack of current thread.  This is used for misdiagnosed analysis.  Look for suspicious drivers

lm kv – Shows version information (dates, etc) of currently loaded drivers to find updates for.

!vm – Check pool usage (if close to maximum, then it’s a leaky driver)

!thread – looks at currently running threads

!process 0 0 – summary level display of processes during crash

!irp <irp from IRP List from !thread> – Associates drivers thread (it’s a hint to investigate)

!poolused (needs to enable on xp and earlier) – Use with Strings

!deadlock

 

 

Debugging mode (F8) – Use when no crash dump created…, needs to connect using usb (modify boot.ini) or serial from another system running windbg

Windbg – File->Kernel Debug

Debug -> Break to connect to crashed system

.dump (saves dump information)

 

Hung system troubleshooting (computer freeze)

– Use crash on control-scrl-scrl (registry setting)

– Check other processors on multiple processors

lm kv <driver name from stack>

A useful print server configuration tool

Have you ever wanted to make a backup of all your printers, it’s shares, the permissions for them, and the drivers on your print server?  Well, Microsoft has a very useful tool that does this.  Furthermore, it also does restores!  I couldn’t believe my eyes either!  It’s great for when you need to setup redundant print server configurations or when you are migrating print servers!

Here it is:

http://www.microsoft.com/WindowsServer2003/techinfo/overview/printmigrator3.1.mspx

Malware,Spyware,Scareware – How to detect and prevent infection…

What is malware and how do I get it?

Generally speaking, malware are malicious software designed to infiltrate a computer system without the owner knowingly allowing it to.  It’s intent is to perform devious acts on or using your computer.   These are programs that generate misleading alerts and false detections in order to convince users to purchase illegitimate security software.

Additional Malware Info

What are the symptoms?

Pop-ups, website redirection, network configuration changes, unresponsive computer, etc…

Information regarding Antivirus2009 Malware

Information regarding Internet Security 2010

How did I get it?

The source usually comes from emails, websites, pirated software downloads, P2P applications, fake video codecs, software exploits (ie. acrobat), etc… The typical scenario is a pop-up that asks you to download and install something.  Once the download and install happens, the malware will take over the computer.

How do I protect myself?

  1. We still live in a world where humans can usually make the best decisions.  This means user training is one of the best method to prevent infections.  Below are a list of things to train users on that doesn’t require a lot of time.
    • Users should be a little paranoid and skeptical when it comes to reading the emails they receive, especially emails requesting actions to be taken. If it sounds important, take the time to read and verify it carefully!
    • Users should make sure they have an SSL connection when making transactions online or logging into banking sites.
    • Exercise caution with e-mail and files received from unknown sources, or received unexpectedly from known sources.  If the email is from someone they know, make sure it has relevant content specific to that person (ie. writing style, context of message, etc.)
    • Users should know sometimes a pop-up can be made to look like a Windows error message. Recognizing legitamite software interfaces can help (Antivirus software, Windows Security Center, Windows Defender, Anti-malware software)
    • Don’t download random software from the Internet until you know it has a valid homepage and user base (look for software reviews for it). Once that’s verified, make sure you download directly from the vendor’s website.
    • Users should understand how a website can be spoofed to go to the wrong website using the HOSTS files.
    • Users should understand that a text link can have a different URL embedded.
    • Don’t install software unless you were intentionally trying to.
  2. Keep Windows and your browser software up-to-date by downloading and applying security updates.
  3. Use an active and updated antivirus and anti-malware application that detects harmful websites, files, and emails. There are many applications out there that are free. Some highly recommended ones are Spybot Webroot, Search and Destoy, MalwareBytes, SuperAntispyware, PC Tools Spyware Doctor.

Removal Tips:

  1. Boot into SAFE MODE. It will give you a more effective platform to work with.
  2. The key is to get the system to allow you to install anti-malware software with the latest updates to slowly remove the programs.
  3. Fix infections and reboot often will get you further along in the removal process.
  4. There is no perfect anti-malware software, therefore, you should run scans using multiple anti-malware software to make sure all malware is removed.
  5. Can’t run/install software due to access permissions – This is usually due to the software restriction in your local security policy or your registry has malicious group policies regarding software restrictions configured.
  6. Can browse website or weird website redirections – Check the Internet Explorer proxy settings. 95% of the time, it shouldn’t be using a proxy. Also, make sure your HOSTS file doesn’t have malicious entries in it.

Windows Server 2008 SSL VPN (SSTP)

Now-a-days, every business is mobile, which means a VPN connection is most likely needed.  The problem is when clients travel to hotels or other countries, where firewall compatiblity and configuration can cause connectivity issues.  Fortunately, there is an answer for this: SSL VPNs.  Since an SSL VPN connection is secure and allowed on almost all firewalls, remote users will have a much more reliable connection mechanism; no matter where they are.  To top it off, SSL VPN (SSTP) is a feature natively bundled with Windows Server 2008.  How cool is that?

How does SSL VPNs help?

  • A NAT device doesn’t need to support PPTP in order for it to work.
  • Specific ports aren’t required to be open on the firewall (think hotels and other countries).
  • Connectivity can be made through web proxy servers.
  • The small footprint VPN client is easily accessible.

Clients supported: Vista SP1+, Windows 7, Windows Server 2008

What are the high level steps involved to setting up Windows Server 2008 SSL VPN connections (SSTP)?

  • Obtain a certificate to be used for your connections (just as if you are installing an SSL certificate for your website)
  • Install IIS on the VPN server
  • Request a certificate for the VPN server using the IIS Certificate Request Wizard
  • Install the SSL certificate
  • Install the RRAS server role on the VPN server
  • Enable the RRAS Server and configure it to be a VPN server
  • Configure the User Account to allow dial-up connections
  • Update DNS (ie. vpn.company.com)
  • Configure the Client to use SSTP and Connect to the VPN Server using SSTP

How-To configure Windows 2008 for SSTP VPN
1.  Install IIS on VPN server with all security settings marked for installation
2.  Create a Certificate Request in IIS console
a.  Make sure common name is actual Internet Hostname clients will connect to (e.g. vpn.company.com)
3.  Cut and Paste the certificate request into your SSL provider’s website
4.  Install any Intermediary certificates and your SSL certificate per your SSL provider’s instructions (DO NOT bind the certificate to a website in IIS)
5.  Install Routing and Remote Access
6.  Load the Routing and Remote Access MMC and run the wizard to enable it (Select Custom -> VPN if you are using only 1 NIC)
8.  Enable Dial-In access for the remote user’s AD account
9.  Enabled SSL connection (port 443) from the outside
10. Update DNS for the domain with the common name of the certificate
11. Test the SSL VPN connection by choosing SSTP in the vpn network connection properties

If the connection doesn’t work, make sure the proper certificate is bound following:
1.  Make sure the right certificate hash is bound (netsh http show  ssl)
a. If necessary, delete and readd the correct certificate binding…
1. Remove binding from IPv4 (netsh http delete ssl 0.0.0.0:443)
2. Remove binding from IPv6 (netsh http delete ssl [::]:443)
3. Delete registry entry for the hash (reg delete hklmsystemcurrentcontrolsetservicessstpsvcparameters /v sha256certificatehash /f)
4. Add binding from IPv4 (netsh http add sslcert ipport=0.0.0.0:443 certhash=<replace with your cert hash> appid={ba195980-cd49-458b-9e23-c84ee0adcd75} certstorename=MY)
5. Add binding from IPv6 (netsh http add sslcert ipport=[::]:443 certhash=<replace with your cert hash> appid={ba195980-cd49-458b-9e23-c84ee0adcd75} certstorename=MY)

Helpful links to configuring SSTP VPN:

  • A step-by-step guide to setting up your own SSTP server is to be found here.
  • Troubleshooting help can be found here, here, and here.

The case of Windows 7 not wanting to install on your hard drive partition

As an IT Consultant, I often find myself mucking with the latest and greatest things before I would even consider recommending them to clients.  The down side to this is the time spent during a Saturday afternoon trying to install Windows 7 Professional 64-bit on my home desktop.  I was so impressed with the RC1 version, that I wanted to deploy it to my single desktop (can’t be worse than Vista… heheh)

Apparently, Windows 7 is very picky about the hardware/harddrive/partition/MBR it’s installed on.  When I ran the installation, my hard drive and the system partition would be displayed, but I could not get it to actually start the installation..

I tried the following, but to no avail:

  • Installed latest drivers
  • Deleted partition
  • Reformatted newly created partition
  • Removed external hard drive and USB key so the only thing left was a single 200GB HD and an IDE cdrom.
  • Using diskpart to set the new partition as an ACTIVE partition

Looking at the setup logs (Shift-F10 -> notepad windowspanthersetupact.log), I saw a bunch of “not system disk”, “not primary partition”, “not enough space”, “not good enough” errors…

Finally, I tried to think outside of the box.  I decided to repair my MBR and Boot record the old fashion way.  I booted off a Windows XP SP2 CD and ran the recovery console.  Once in, I ran “fixmbr” and “fixboot”.  I then rebooted into Windows 7 setup and was able to click Next to continue with the Windows 7 Professional installation.

Hopefully, this technique would work for most of you.  If it still doesn’t work for you, try making sure there’s no USB keys or any other storage device connected when you install.

What does Server 2008 SP2 and Vista SP2 have to offer?

Below is a quick rundown of all the goodies in the new Service Pack for Windows 2008 and Windows Vista.  Of course, SP2 includes all hotfixes and other updates post SP1, but unlike traditional methods, Windows Server 2008 SP2 and Windows Vista SP2 uses the same Service Pack executable, which makes it easier to deploy.

Although this update provides minimal changes, it’s always recommended to do a test rollout before deploying in full.

Warning:

This was taken from Information about Service Pack 2 for Windows Vista and for Windows Server 2008

After you install SP2, a sound device or some other hardware device may no longer work. If this behavior occurs, just install an updated driver for the device. To do this for a sound device, follow the steps in the following Microsoft Knowledge Base article:

948481 How to troubleshoot sound problems that you experience after you install a Windows Vista Service Pack

What it has to offer:

  • Bluetooth 2.1 Support
  • Wi-fi – Uses Windows Connect Now technologies for wireless connectivity and improves on resuming wireless connectivity from a sleep state
  • Power Management – Microsoft touts a 10% increase in power management efficiencies
  • exFat file system extension – Now includes UTC timestamps which helps with file synchronization across time zones
  • Blu-ray data burning capability – Not for making movies, but for backing up files
  • Windows Search 4.0 – faster, better support for Group Policy, able to index encrypted files
  • VIA 64-bit processor support

Windows Server 2008 offerings:

  • Hyper-V 1.0 versus a prelease version
  • Addresses Terminal Server license key issues

Most useful part about SP2:

Service Pack Clean-up Tool (compcln.exe) – Deletes older versions of the RTM and SP1 based files

Requirements:

SP1 has to be installed prior to updating.

Where to get it:

Windows Server 2008 SP2/Vista SP2 (x86, 32bit)

Windows Server 2008 SP2/Vista SP2 (x86, 64bit)

Microsoft Office 2007 Service Pack 2 – Briefing

Backgrounder:

Like everything Microsoft, downloading and applying updates and patches are the key to keeping your computer running efficiently.  Today, we are focusing on Microsoft Office 2007 Service Pack 2.

It has been more than a year (December 2007) since Microsoft has released a single service pack to keep computers up-to-date without having to download a bunch of little patches.  This significantly reduces deployment times for any oganization.  Furthermore, while most service packs are just a compilation of previous released patches and fixes (through February 2009), Office 2007 SP2 will also include feature enhancements and performance enhancements.  Will the PDF support mean the end of downloading Acrobat Reader?  We’ll see…

Release Date:

End of April 2009.

Changes, Fixes, Patches, Enhancements:

  • Support for Open Document Format (ODF), XML Paper Specification (XPS) and Portable Document Format (PDF).
  • Improved Outlook Calendaring reliability.
  • Improved Outlook performance.
  • Enabling Object Model support for Charts in Microsoft Ofice PowerPoint 2007 and Microsoft Office Word 2007.
  • Improved cryptographic functionality by supporting all cryptographic algorithms offered by the operating system.
  • Improved functionality in Microsoft Office Excel 2007 charting mechanism.
  • Ability to ungroup SmartArt graphics (and as a result, the ability to add animations to them in PowerPoint 2007).
  • Ability for Visio 2007 to export UML models to an XML file compliant with the XMI standard.
  • Tool that enables the uninstallation of Office client Service Packs

Where can you get it?

Direct File Download Link

Downloads page link

Release info link

Conficker (aka Downadup) – FAQ

What kind of damange can this virus do?

  • Create administrative accounts on your PC
  • Prevent you from downloading security and antivirus updates
  • Use your computer as part of a Denial of Service (D.O.S.) attack.
  • Could steal personal information
  • Populate your computer with malware pop-ups
  • Erase data on your computer

What computers are affected?

  • Unpatched Microsoft Windows operating systems (Microsoft Windows 2000, Windows XP, Vista, Windows Server 2003, and Windows Server 2008 systems)

What are some of the symptoms of being infected by the Conficker worm?

  • Windows Security Center will not work.  You can verify this by Start -> Control Panel -> Security Center
  • Account lockout policies are being tripped.
  • Automatic Updates, Background Intelligent Transfer Service (BITS), Windows Defender, and Error Reporting Services are disabled.
  • Domain controllers respond slowly to client requests.
  • The network is congested.
  • Various security-related Web sites cannot be accessed (Symantec, McAfee).
  • Disable commercial antivirus software
  • Turn off Microsoft’s security update service

How do I prevent infections?

  1. Patch your Windows operating system with the following patches:  MS08-067
  2. Install the latest security updates from Microsoft
  3. Make sure you are running up-to-date antivirus software and definitions from a trusted vendor (Mcafee, Symantec, Eset, Microsoft, etc…)
  4. Disable the AutoPlay feature through the registry or using Group Policies
  5. Exercise caution in what websites you visit
  6. Don’t open file attachments unless you have verified that you know the person who sent them and that they really meant to send the attachment.

How does the software spread?

  • Exploitation of the vulnerability that is patched by security update MS08-067 , MS08-068 a MS09-001
  • The use of network shares
  • The use of the AutoPlay functionality

How do I remove the worm from an infected computer?

  1. Disconnect the infected  computer from the network and the Internet.
  2. Install the patches below.  Use an uninfected computer to download the patch if necessary:  MS08-067 , MS08-068 a MS09-001
  3. Reset your system passwords to admin accounts using more sophisticated ones.
  4. Download and run the Conficker remover
  5. Reconnect your computer back to the network
  6. Update your antivirus application and definitions
  7. Install Microsoft updates

How do I protect my computer from similar threats?

  1. Enable Automatic Updates for your Windows computer
  2. Set your antivirus and definition update schedules to be more frequent (1 or 2 times a day)
  3. Exercise caution in what websites you visit
  4. Use caution when you see pop-ups on your screen (e.g. false virus notifications)
  5. Don’t open file attachments unless you have verified that you know the person who sent them and that they really meant to send the attachment.

What can Windows Server 2008 do for you?

I know there are many websites that lists a bunch of features of Microsoft’s latest Windows Server 2008.  I also know that these lists sometimes forget the fact that technology in the workplace is only as good as the business value benefited from it. I understand that during these tough economic times, migrating and upgrading your systems to Windows Server 2008 will be an option that is heavily scrutinized.  Hopefully, this blog entry will help you create an informed decision for your business.

Below are the features that stand out to me when deploying Windows Server 2008. I will try to explain how these features can translate to a more secure, efficient, and stable network.

Active Directory

  • Restartable Active Directory Domain Services (RADDS)
    Essentially, this increases uptime for a domain controller and it’s installed services. Currently, when security patches must be applied, offline defragmentation or authoritive restores must be performed, the entire server has to be rebooted.  This equates to significant downtime for ALL the services provided by the server. If this was a heavily used server, such as a file server, a lot of users would end up calling the IT department.Scenario:

      Lets say an Active Directory object needs to be restored from backup. Previous to Windows Server 2008, a server would have to be restarted in Directory Services Restore Mode.  During this time, ALL services provided by that server would be offline. Then, once the restore is complete, we must restart the server again. Now, with RADDS, you only need to stop the service, perform the restore, and restart the service.  Meanwhile, your other services are still working.

Translated Value:

    Increased uptime, Simplified restoration of Active Directory objects.

Business Circumstance:

    This is useful for all businesses.
  • Read-Only Domain Controller (RODC)
    Back in the good ‘ol NT4 days, Microsoft had primary and backup domain controllers (PDCs and BDCs).  The backup domain controllers would be Read-Only.  Then, they touted the multi-master capabilities of Active Directory for Windows 2000/2003. What they didn’t tell you was the best solution was “C. All of the Above“. In Windows Server 2008, we can have multi-master domain controllers AND read-only domain controllers. When would you use either of these scenarios?  Well, you would want multi-master replication for Fault Tolerance and Management Simplicity.   Now, an RODC would allow for increased security since the LDAP database can not be tampered with. Unfortunately, there are limitations that might negate the benefits of this.  Essentially, the RODC needs to have access to a writable Domain Controller in order to perform basic functions, such as DNS updates, password changes, and user authentication (if not cached on RODC). There could also be software compatibility issues.Translated Value:

      This is a feature that’s great to have, but wouldn’t benefit an existing organization tremendously.

Business Circumstance:

    This is most useful for medium/large businesses with multiple locations.

OS Enhancements

  • NTFS Self-Healing
    As with previous operating systems, when a file on the NTFS filesystem becomes corrupt, there’s no way to know unless you a) run chkdisk b) try to open the file.  Of course, if you periodically run chkdsk to detect corruptions or try to open a corrupt file, you would have to reboot your server to fix it. This is not the case with Windows Vista and Windows Server 2008.  In 95% of the cases, it will automatically detect a corruption in your filesystem and attempt to fix it at the same time.  This eliminate the need to reboot.  I’m sure everyone knows the disadvantages of having to reboot a computer by now (read previous sections).Translated Value:

      Higher uptime, important data is recovered

Business Circumstance:

    This is useful for all businesses.
  • Server-core
    Everyone can agree that Microsoft has it’s GUI advantages over Linux, while Linux has it’s high stability and security aspects due to it’s lack of “fluff”.  Well, as Linux tries to enter the Desktop market, Microsoft is trying to imitate Linux with Server-core. IT provides a minimal (non-GUI) OS environment for running specific server roles, which reduces the attack surface for those server roles.  Similar to Linux, in which you would manage your server from an SSH connection, Server Core could be managed from the local command console, Terminal Server connection, or using the MMC console. Once again, Server-core can only provide a subset of the full roles available to a full installation.  Server-core can provide the following roles: Active Directory Domain Services (AD DS), Active Directory Lightweight Directory Services (AD LDS), DHCP Server, DNS Server, File Services, Print Services, Streaming Media Services, Internet Information Services (IIS), Windows Virtualization.Translated Value:

      Increased security and performance gains, and ease of deployment due to low footprint.

Business Circumstance:

    This is most useful for medium/large businesses with multiple locations.
  • Terminal Services Gateway (TS Gateway)
    Lets say you had to remotely connect to multiple servers at the Office, yet you are prevented from using a VPN connection. What do you do?  Well, there are many ways around this, including the use of 3rd party applications, but Microsoft has blessed us with their solution. A TS Gateway securely proxies applications running the RDP protocol (Remote Desktop, Remote Applications, etc..) through SSL encryption.  This negates the typical firewall configurations necessary to allow VPN tunnels to be created.Translated Value:

      Mobile Office is even more robust. You can truly access your servers and workstations from anywhere.

Business Circumstance:

    This is most useful for businesses running Terminal Services or those with lots of servers.
  • Terminal Services Remote Application (TS Remote Application)
    Aligned with their virtual application technology, TS Remote Application uses the RDP protocol to allow users access to specific applications stored on a server. Instead of using more computing resources than necessary and  providing access to an entire Desktop, users can now be limited only to the capabilities of the application. Advance connection policies can be set in place to maintain compliance with security policies set within the company.Scenario:

      Accounting staff requires access to the Quickbooks server when they are offsite.  Using a VPN connection alone is not an acceptable solution since the data transfer size is too large. The use of Remote Desktop through a VPN connection would work, but that can cause unecessary confusion for users. With TS Remote Application, the Quickbooks application RDP file can be exported on a users’s desktop.  When they run the file, either locally or remotely, they will see the Quickbooks applications open on their computer. This application is actually running on the remote computer, but the interface is exactly the same as if they opened it locally on their computer.

Translated Value:

    Granular access to applications, secure access to network resources, improved capacity and performance for Terminal Services applications

Business Circumstance:

    This is most useful for businesses running Terminal Services or those with lots of servers.
  • Windows Deployment Services (WDS)
    This service allows is the needed replacement for Remote Installation Services (RIS). Windows Deployment Services enables you to deploy Windows operating systems, particularly Windows Vista, using images and PXE booting. I know there are 3rd party applications that provide this capability in a more simplified manner, but they are often too costly. Once setup, WDS is a pretty cool application.  It works well and have few heart-stopping limitations.Translated Value:

      You can setup new Microsoft workstations quickly and in an automated way.

Business Circumstance:

    This is most useful for new businesses or ones that are growing in the near future.
  • Hyper-V
    Here’s the deal.  The IT industry is realizing that on average, the load on a server is pretty low due to minimal resource usage and advancing. This results in wasted Energy Costs and lower Return on Investment (ROI) in the hardware. Hyper-V is a hypervisor-based virtualization technology that allows servers to run multiple instances of Microsoft and certain Linux distributions. What is sometimes overlooked when it comes to virtualization is the ease and consistency in obtaining a solid backup and recovery of files using snapshoting technologies.  Also, the management of these virtual servers are simplified since there is only one platform to work off of.Translated Value:

      Increased efficiency of resources, increased stability, reduction in cost for new server deployments, High availability, increased security.

Business Circumstance:

    This applies to all businesses.  From consolidation to saving on energy costs, virtualization is beneficial for all businesses.