Migrating Mailbox to Cloud Fails in Hybrid Exchange Deployment

If you attempt to migrate an on-prem mailbox to Exchange Online using the Office 365 portal and it fails, there are several steps to take to correct the issue. This article assumes you have DirSync installed and are using it to sync your passwords.

Start by checking that the user has an Exchange license in Office 365 by using the portal. Lack of an Exchange Online license may cause migration failures.

Migrating 5

To check, go to the Admin page in the Office 365 portal

Migrating 1

Find and select the user

Migrating 2

 

On the user profile page, go to licences and select the location and both the Exchange Online and SharePoint Online licenses, save

Migrating 3

This may solve the problem. Wait a minute or so and attempt to migrate the mailbox again. If it doesn’t work, move on to the next steps below which are more complicated.

Migrate mailbox from on-prem Exchange to Office 365 with powershell 

First step is to download and install Windows Azure Active Directory Module for Windows PowerShell. Once installed, start the PowerShell module on a domain joined machine.

ad azure ps

 

To connect to a session, cut and paste these following PowerShell commands all at once, hit enter when needed to execute. The first two prompts require Office 365/Azure global admin credentials, in full email or “domain\username” form. The last prompt requires local admin credentials in full email or “domain\username” form.

Import-Module MSOnline
Connect-MsolService
$LiveCred = Get-Credential
$Session = New-PSSession -ConfigurationName Microsoft.Exchange -ConnectionUri https://ps.outlook.com/powershell/ -Credential $LiveCred -Authentication Basic -AllowRedirection
Import-PSSession $Session
$OnPremAdmin=Get-Credential

 

Disable Birthday Notifications in Windows 10 Lock Screen and Desktop

birthday 4

After upgrading to Windows 10 you may have noticed birthday reminders on your lock screen or desktop popping up for people you may not even remember. Because of integration with LinkedIn, other email services and social media sites anybody you have every had a connection with has a birthday notification. And if you know enough people everyday is somebody’s birthday, sometimes several somebodies. Personally, I only need to remember birthdays of my immediately family members. Everything else is just noise.

To correct this open the Windows 10 Calendar app. Either select All apps from the start menu and find it in the list or type Calendar in the search box.

birthday 2

With the Calendar app open, uncheck Birthday Calendar for all accounts that you have connected to Windows 10 apps.

 

birthday 3

This should disable any unwanted birthday notification associated with Windows 10 apps. If you have any third party apps that provides notifications, you will have to configure the settings in that app.

 

Outlook Stuck Working Offline After Installing Office 2016

outlook offline 1

Working Offline in Outlook used to be solved by just clicking a button in the Send / Receive tab. This message appears on the lower right border when Outlook is Working Offline but it is not a button, only a status message.

If you just installed Office 2016 and Outlook is stuck in offline  mode you may be having difficulty trying to get it back into online mode. This is because there is no longer a button in the Send / Receive tab like in Office 2013.

Luckily there is an easy fix! Just reboot your device and the problem will solve itself. You may be prompted to log into Microsoft services on your computer if you have an Office 365 or Exchange online hosted email account. Fill in all passwords when required and you should be back in business.

 

 

How to Add Group Policy Templates (.admx) for Windows 10

admx

Microsoft has recently released the Windows 10 Group Policy templates (.admx) to assist organizations manage Windows 10 devices using GPO. This article describes how to install the new Windows 10 policy definitions in your domain.

Download the ADMX files Microsoft Administrative Templates for Windows 10. Also download the Windows 10 ADMX guide from Microsoft. Login to a Domain Controller in your network and find the path to your SYSVOL. If you have a Central Store the Sysvol has a different path than if it is local on one Domain Controller.

Open the msi installer to start, select next

admx1

Select agree and next

admx2

The default path is local, to change the path from default select browse

admx3

If you have a Central Store for ADMX files, the location should be the same or similar to the path below, just replace <your_domain> with your domain name (domain.com). Learn more about making a Central Store here.

C:\Windows\SYSVOL\sysvol\<your_domain>\Policies\PolicyDefinitions

Select the path to install the ADMX files

admx4

Select next

admx5

Installation completes

admx6

Click here to learn more about managing Group Policy AMDX files.

Issues with SonicWALL NetExtender after Windows 10 Upgrade

My team and I had been running Windows 10 Insider Preview for a while but only inside our domain. Like millions of others I upgraded my home machine to Windows 10 Pro on July 29th. Besides some issues with my Nvidia video card, it all seemed to be working nicely. Until I tried to VPN into a network with Dell SonicWALL NetExtender client.

NetExtender could connect fine and could even ping the network I was connecting to but no other protocols were available, like http, https, RDP. Not much info was found on the internet, all searches turned up “Cannot connect to Windows 10 through VPN”.

After trying multiple false starts I discovered the solution. There is a modern Microsoft App that allows the VPN connection without issues: SonicWALL Mobile Connect. There are iOS and Android versions too.

Steps:

Download and install the app for Windows 10

Open PowerShell as Administrator and execute the following commands. If needed, replace the bolded text with new values.

  • Check the port on your previous NetExtender installation, usually 4433
  • Choose a name for the network connection in Windows (VPN)
  • Enter the public IP address for your firewall, or FQDN is applicable

$xml = “<MobileConnect><Port>4433</Port></MobileConnect>”

$sourceXml=New-Object System.Xml.XmlDocument

$sourceXml.LoadXml($xml)

Add-VpnConnection -Name VPN -ServerAddress 69.1.1.1 -SplitTunneling $True -PluginApplicationID SonicWALL.MobileConnect_cw5n1h2txyewy -CustomConfiguration $sourceXml


You will create a VPN connection in WIndows. Opne Network Connections in the control panel to verify it has been created.

To use the VPN connection, select the Network icon in the lower right corner of your screen and select the VPN you just created.

In the dialog window select Connect. Enter your credentials if prompted. If needed you can precede the username with a domain name (ie domain\username) in the Username field.

sonicwall connect4

I hope this was helpful!

Windows 10 Release

Yesterday Microsoft released Windows 10 into the wild. Besides some minor gotchas, it appears to be the best release of any new Windows to date. The clean look and refreshed user interface is impressive even if it is channeling the spirit of Apple left and right. It is almost like 75% of the Microsoft UX designers own Apple devices.

But really…is this Windows 10 or Windows 8.3 with automatic updates? The development cadence is quicker than in the past. It is like the dev guys at Microsoft were coming up with new features for the next Windows 8 release and had a meeting with Marketing who said, “whoa hold up pocket protectors, we need to make a clean break” hence a newly branded OS was released slightly before its time. Below are the Windows release and end-of-sales dates from Microsoft’s Windows lifecycle fact sheet.

Microsoft isn’t the only company strategically building a subscription model that emphasizes “services” that you never stop paying for. Obviously much better for their profitability. This trend, that started picking up momentum over 10 years ago, has really accelerated the last 5 years with associated catch phrases like cloud.

Nothing is really ‘free’ it seems, there is always a catch. Microsoft is just providing the vehicle to lock consumers into their shiny new ecosystem, like an operating system with the ‘in-app purchases’ we often see elsewhere. The first indication is Solitaire is a paid subscription based app on Windows 10 if you want to avoid the ads. Monetizing Solitaire, really?

The ads are actually the scariest part. I don’t own a TV and I use AdBlock Plus for Chrome. I never see ads. It has been so long that when I accidentally see an ad now it’s almost traumatic. Ads built into my OS are extremely unwelcome. I would have to get a Mac, I couldn’t handle it. The new Windows 10 browser Edge does not yet have support for extensions like AdBlock Plus. That means I won’t be using Edge for anything but online Microsoft products.

Yesterday when I upgraded my home computer to Windows 10 Pro, it freaked out. After the upgrade, it restarted several times and choked each time. The screen was black with a small cursor in the upper left corner. My heart sank. Apparently there was a Faulty Nvidia driver pushed out with the final release that millions of people downloaded. I happen to have an Nvidia video card. It finally worked because Redmond was quick to patch it again but this was definitely a wrinkle in the overall smoothness.

I drank the cool aid a long time ago and I genuinely like the new direction that Microsoft has been going in the last few years…but it’s not 100% yet. While they got a lot of it right in this latest release, Microsoft appears to be continuing some of the less than popular traditions like rushing things out the door and fumbling a bit with the initial release. All that aside, I like Windows 10 so far!

 

Nvidia Video Card Problem in Windows 10 Upgrade

If you have an Nvidia video card and you had a problem when upgrading to Windows 10, you are not alone. Apparently Microsoft borked a lot of computers by pushing out a questionable driver for Nvidia GeForce video cards. My computer was one of them.

I have a GeForce GTX 980 that usually rocks. After the upgrade everything went blank on the final restart. I had to hard restart the machine because it froze on boot three times. Once I got Windows to boot, I tried to open an application that failed and returned a video card error. I was like, oh nooooooo not again! The curse of Microsoft. I opened Nvidia GeForce Experience and tried to update it, failure. I manually downloaded the latest Nvidia drivers and tried to install, failure. I tried to uninstall the apps and drivers from Windows, failure.

do familiarAt this point, I was getting a little worried because I had already restarted several times. The restarts would get locked up with a black screen or black with a little cursor in the upper left of the screen. I tried to force Windows Updates to ensure it had the latest drivers but Control Panel had no Windows Update page I could easily find. I eventually restarted the machine and it worked because of the new Nvdia driver update Microsoft rushed out, but only after lots of stress and cussing. So you should let Windows update itself again after install and restart it to get it to work.

As an IT professional, I wanted to assess the latest Windows to see if it is worth the trouble of deployment in our production environment. It appears that the traditional caution IT Departments treat the initial Windows releases with is still very relevant, even with a whole year of Windows Insiders testing it to find the bugs. While Windows 10 makes a great first impression, we will take long arc when testing it for our environment.

 

How to Increase the Frequency of DirSync Synchronization

After installing the latest version of Windows Azure Active Directory Sync (DirSync) you may want to increase the frequency of synchronization between your AD organization and the cloud. To accomplish this open the Administrative Tools folder on the DirSync server and open Task Scheduler.

If everything has been configured correctly you will see a task called: Azure AD Sync Scheduler, double click that task

task1

There is a local account created by DirSync that is used for this task indicated where the green box is, if you want to make changes to this Task you have to set the password for this user in Computer Management > Users and Groups or you can create and use a different user account that has full admin privileges

task5

Select the trigger tab

task2

Set the task the repeat at the desired replication time, maybe 15 minutes or 1 hour is fine for your organization, it is up to you, select ok to save

task3

You will be prompted for the password from the general tab to be able to save, once you saved you are done and DirSync will run every interval you have selected!

taskpassword

If you would like a way to force DirSync easily, set up a shortcut. Learn about it in this article.

How to Install the New Windows Azure Active Directory Sync (DirSync)

 

ActiveDirecotry2Windows Azure Active Directory Sync (DirSync) has gone through many iterations just in the last few years but the good news is it is getting easier to install and use. It used to be quite  pain to reinstall or migrate.  DirSync is the easiest way to sync your AD organization to Microsoft’s cloud including Azure, Office 365 and Exchange Online.

The current version can be downloaded here:

Windows Azure Active Directory Sync (DirSync)

If you have an older version of DirSync and want to move to the latest version I highly recommend it because the newer one is easier to use. To force sync on the older versions you click a lot in miisclient.exe in a very specific sequence or run PowerShell commands. The last iteration even included a script that had to be launched from PowerShell itself. It was not optimal for daily management.

If you are starting with a fresh install skip to the How to below. As you can only sync from one server at a time, there are only two possible scenarios if you had an older version installed already:

  1. Install on the same server – because the architectures are a bit different you can simply remove the old version of DirSync using Programs and Features and install the new version.
  2. Install on a different server – disable the service Azure Active Directory Sync on the old server or completely uninstall it and use the instructions below to install on the new server.

How to Install Windows Azure Active Directory Sync

Because the architectures are a bit different you can simply remove the old version of DirSync using Programs and Features and install the new version. Use the download link above to download the lastest version and open the exe file.

1

After you agree to the terms and select install it will run for a bit and disappear. Look on your desktop for this icon and open it.

icon-dir

You are now in the configuration window, enter your cloud credentials

2

Enter your on-prem credentials and select add forest and next

3

Configure any user matching parameters required, but the default is usually fine

4

Do not select any of these options at this time so you can setup and test the connection

5

Select next

6

Keep the Synchronize now box unchecked and select Finish

7

This is a good time for a restart to ensure you have been added to the appropriate security group and just to clear out any potential issues before you test the connection and finalize the configuration.

Once you restart, open the Synchronization Service, there should be a new icon on your desktop. This app is the replacement for miisclient.exe.

sync serv

You can observe what is being synced here and also check for errors with this app

sync mgr

Now we need to test if the configuration worked before we set the configuration to automatically sync. The easy way is to force synchronization with a shortcut.

How to Force DirSync Synchronization with a Shortcut

Right click anywhere on your desktop and select New > Shortcut

short

Paste this target box and select next

“C:\Program Files\Microsoft Azure AD Sync\Bin\DirectorySyncClientCmd.exe”

Choose a name, Finish

force

Once saved, select the new shortcut to test

force sync cmd

You should see the synchronization steps listed in the Sync Manager, any errors will show up in the lower right box

sync manager list

Sync successful! open up the Directory Synchronization tool again from the icon on your desktop and configure it for auto sync. Check the boxes for password synchronization and enable Synchronization on the last page.

If you ever need to remove DirSync from the server, go to Programs and Features and uninstall Windows Azure AD Sync and it will uninstall all other parts automatically.

uninstall

Read this article to learn how to increase the synchronization frequency of DirSync.

Hope this helps!

What is the difference between VMware ESX, ESXi, vSphere and vCenter?

It is quite easy to confuse the VMware products ESX, ESXi, vSphere and vCenter. The purpose of this article is to demistify the whole thing. But first a little background. Virtualization technology allows multiple servers to be installed on the same physical machine. In just the last five years server hardware capability has increased so much that you can virtualize just about any server on the market today. This has enabled organizations to do a lot more with fewer resources.

For those new to VMware a brief explanation of VMware’s core offerings can help to minimize confusion. There are several layers/dimensions: the bare metal server, the hypervisor, the management server and the OS layer. VMware calls the whole thing vSphere but that is a bit confusing.

ESX and ESXi are the hypervisors that most commonly sit right one on bare metal. On “bare metal” means that is the first thing you install on the server before any OS. ESX is used for large scale custom implementations but for most of us ESXi is all you will need because it is easier to configure and more common for typical deployments. In the above picture the bare metal machine is the lowest level indicated by the gray box,  the ESX/ESXi layer is the blue section that says VMware.

ESXi has a tiny footprint when installed and takes up as little as a few hundred MBs on a drive when fully installed. I ran ESXi from a USB stick on a Dell R510 without issue. This is because it is basically just a liaison between the hardware and the OS layers. This is simplifying it for a quick explanation.

ESXi is a fairly uncomplicated to install and configure. Once it is installed and the IP address, subnet, gateway and hostname are configured it is ready to be managed with vSphere Client, the standard VMware management platform.

vSphere is the client application that you use to manage EXSi hosts, VMs and vCenter. It can be installed on any computer including workstations or servers, whether physical or virtual machines. However, if using vSphere to manage ESXi hosts directly without vCenter, you don’t get all the bells and whistles like HA and vMotion.

vSphere

vCenter Server (installed on Windows) or vCenter Server Appliance (standalone) provide the rich feature set and management components to accomplish much more than the typical hypervisor. There is High Availability and virtualization automation capabilities that make your data center quite resilient.

A newer addition to the ecosystem is the Web Client Plug-in, which supports access to the new features in ESXi and vSphere 5.5 and 6.0. The Web Client is version 5.5 is not as user friendly as the vSphere Client but version 6.0 is big improvement.

If you have not already done so, find an old server, install VMware ESXi and get virtual!