Sep 23 2016
 

There’s quite a few of us that started off deploying Small Business Server (SBS2008, SBS2011) environments back in the day, loving the handy all-in-one package taking care of everything from Active Directory and Exchange, to disaster recovery and business continuity. However, some of these old environments are starting to catch up with us. I wanted to open a discussion on a big issue I had a couple years ago in one of my first migrations from SBS 2008, to Windows Server 2012 R2 with the Essentials Experience role installed, with Exchange Server 2013.

As most of you know, SBS comes packaged to push “.local” domains on initial domain configuration. This used to be considered best practice, and most of us even configured .local’s on non-SBS environments. This has never really posed any problems for us I.T. guys, except for a few configuration considerations when setting up Outlook clients, DNS, etc…

Now if you’re like me, another thing I always configured was user accounts that didn’t match e-mail addresses. An example would be “John Doe”, with the username of “JohnD”, and the e-mail address of “John@contoso.com”. Also, our buddy John Doe would have an AD UPN of JohnD@internaldomain.local (this was automatically populated on user setup).

User’s Name: John Doe

SAM Account Name: INTERNALDOMAIN\JohnD

Username: JohnD

AD UPN: JohnD@internaldomain.local

E-mail Address: John@contoso.com

 

I always liked this as it provided some protection if the user’s password ever got compromised (in a phishing attack, fake e-mail logon page, etc…), as the password could not actually authenticate when using the e-mail address as a username (the username was never actually provided in the attack, only e-mail).

Now let’s flash forward to this migration from SBS 2008, to Windows Server 2012 R2 with Essentials Experience, and throw Exchange 2013 in to the mix. Right off the bat, everything is working fine, Outlook 2010 is working great, Outlook 2013 is working great. Then BAM, Outlook 2016 comes out!

Outlook 2016 does not allow manual or custom configuration of Exchange accounts. They do this for “reliability” and ease of configuration. This means that you HAVE to have autodiscover setup, and working fluidly. No more manual configuration. Internally inside of the LAN this is all automatic if you configured Exchange properly, but you will have to configure autodiscover externally.

Internally on the LAN, Outlook 2016 clients have absolutely no issues, and authentication is working fine (no password prompts). However, when configuring external users, while you can eventually get it configured, the user is constantly prompted for credentials on every Outlook start.

On these password prompts, you’ll notice it’s authenticating for the user’s e-mail address. In this example, it’s asking for “John@contoso.com”; if you enter “INTERNALDOMAIN\JohnD” and their password, it works for the session, but keeps prompting on every fresh Outlook start.

I did massive amounts of research and seriously I could not come across one article that actually provided all the information I needed; it almost seemed as if this problem was specific to this single environment. Of course, this made me think I had something configured incorrectly, and I literally spent forever searching for information, checking my VirtualDirectories on my Exchange server, checking logs, wasting tons and tons of time.

Finally after checking my configurations 6-10 times each and spending weeks, I realized it had nothing to do with anything configured incorrectly.

Outlook 2016 does all the configuration automatically, and expects to find everything it needs via autodiscover. Put simply, the user’s UPN must match their e-mail address.

This means we have to change John Doe’s Active Directory UPN to match his e-mail address. The SAMAccountName still remains the same, so his login to his computer will not change, however after the change he will now be able to log in both with INTERNALDOMAIN\JohnD and John@contoso.com.

First we have to add the UPN suffix (which is the actual e-mail address domain name) in Active Directory Domains and Trusts. Instructions are available here: https://support.microsoft.com/en-us/kb/243629

After adding your e-mail domain to the UPN suffix list, when you go in to “Active Directory Users and Computers” and view a user’s properties, you’ll notice that in the UPN section you can drop it down and change it from internaldomain.local to contoso.com (using my example domains). You can also change the username inside of the UPN.

 

Essentially for Johny boy, his AD properties window now looks like:

User Logon Name:

John@contoso.com (we changed the name, and chose the external domain in the drop down to the right)

User logon name (pre-Windows 2000):

INTERNALDOMAIN\JohnD (we left this the way it was)

 

John can now login either using “INTERNALDOMAIN\JohnD” or “John@contoso.com”. As far as John is concerned we haven’t changed anything and he still logs in using the same format he always has, totally unaware of any changes.

Surprise surprise, autodiscover is now fully functioning for this user. Not only for easy configuration on mobile devices (iPhones, Windows Phones, etc…), but he can now load up Outlook 2016 away from the LAN on the Internet, type in his e-mail address, password, and BAM he’s good to go!

I am a little bit unsettled in the fact that the e-mail address now becomes a fully accepted username on the domain (for security reasons), but I guess we’re stuck with that!

 

In short, our problem is:

  1. Username doesn’t match e-mail (JohnD username, John@contoso.com email)
  2. Running Outlook 2016 and forced to use auto-discover, repeated password prompts
  3. Running .local domain internally, while using different domain externally

In Short, to fix this:

  1. Add UPN Suffix to Active Directory
  2. Change the user’s properties so that the UPN matches the e-mail address, DO NOT CHANGE the old DOMAIN\Username setting

Other Considerations:

  1. Password prompts on Outlook clients can mean a whole bunch of different problems totally unrelated to this configuration and issue. Always fully diagnose the issue and confirm the issue before applying fixes. Password prompts can mean authentication problems, problems with Exchange’s virtualdirectories, issues with autodiscover, issues with certificate configuration, etc…
  2. If this is your specific issue, you can write a script to run through and update the UPNs on all the accounts. I generally don’t like scripts touching user accounts, so I’m slowly rolling out these changes per user when upgrading them to Outlook 2016. Doing this one by one as we upgrade, allows us to make sure that none of their mobile devices are affected by the UPN change.
  3. Since we are changing UPNs, this could have a major effect on any 3rd party applications that integrate with Active Directory that use UPNs. Always test, and make sure you don’t break any integration points to your 3rd party applications or line of business systems.
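
The two fix steps above in report-first form, as an added PowerShell example that is not code from the original post. It assumes the RSAT ActiveDirectory module and that each user’s primary address is in the mail attribute; contoso.com is the post’s example domain, the OU is a hypothetical placeholder, and nothing is changed unless -Apply is passed.

```powershell
#Requires -Modules ActiveDirectory
# Added example: report (and with -Apply, fix) users whose UPN differs from
# their primary e-mail address. Assumptions: the "mail" attribute holds the
# primary address and contoso.com is the external e-mail domain.
[CmdletBinding(SupportsShouldProcess = $true)]
param(
    [string]$MailDomain  = 'contoso.com',
    [string]$SearchBase  = 'OU=Staff,DC=internaldomain,DC=local',  # hypothetical OU
    [string]$RollbackCsv = '.\upn-rollback.csv',
    [switch]$Apply                                                  # without it, report only
)

Import-Module ActiveDirectory

# Step 1: the e-mail domain must be a registered UPN suffix in the forest.
$forest = Get-ADForest
if ($forest.UPNSuffixes -notcontains $MailDomain) {
    if ($Apply -and $PSCmdlet.ShouldProcess($forest.Name, "Add UPN suffix $MailDomain")) {
        Set-ADForest -Identity $forest.Name -UPNSuffixes @{ Add = $MailDomain }
    } else {
        Write-Warning "UPN suffix '$MailDomain' is not registered in forest $($forest.Name)."
    }
}

# A UPN must be unique, so index every UPN already in use in the domain.
$taken = @{}
Get-ADUser -Filter 'UserPrincipalName -like "*"' | ForEach-Object {
    $taken[$_.UserPrincipalName.ToLower()] = $_.SamAccountName
}

# Step 2: enabled users with an address in $MailDomain and a different UPN.
$candidates = Get-ADUser -SearchBase $SearchBase -Filter 'Enabled -eq $true' -Properties mail |
    Where-Object { $_.mail -like "*@$MailDomain" -and $_.UserPrincipalName -ne $_.mail }

$plan = @(foreach ($u in $candidates) {
    $key   = $u.mail.ToLower()
    $owner = $taken[$key]
    if (-not $owner) { $taken[$key] = $u.SamAccountName }   # reserve it within this run
    [pscustomobject]@{
        SamAccountName = $u.SamAccountName
        OldUPN         = $u.UserPrincipalName
        NewUPN         = $u.mail
        ConflictsWith  = $owner    # account already holding this UPN, if any
    }
})

# Keep the old values so any change can be rolled back, then show the plan.
$plan | Export-Csv -Path $RollbackCsv -NoTypeInformation
$plan

if ($Apply) {
    foreach ($row in @($plan | Where-Object { -not $_.ConflictsWith })) {
        if ($PSCmdlet.ShouldProcess($row.SamAccountName, "Set UPN to $($row.NewUPN)")) {
            # Only the UPN changes; the DOMAIN\Username (sAMAccountName) stays as it was.
            Set-ADUser -Identity $row.SamAccountName -UserPrincipalName $row.NewUPN
        }
    }
}
```

Because the e-mail address becomes a valid logon name after the change, the CSV of old values also serves as a record of which accounts gained that logon form.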

 

Sep 23 2016
 

Well, one of the servers I monitor and maintain in a remote oil town recently started throwing out a Windows event log warning:

Event ID: 129

Source: HpCISSs2

Description: Reset to device, \Device\RaidPort0, was issued.

 

The server is an HP ML350p Gen8 (Windows Server 2008 R2) running latest firmware and management software. It has 2 RAID Arrays (RAID1, and RAID5), and a total of 6 disks.

Researching this error, I read that most people had this occur when running the latest HP WBEM providers, as well as anti-virus software. In our case, I actually tried to downgrade to an older version, but noticed the warning still occurs. While we do have anti-virus, it’s not actively scanning (only weekly scheduled scans).

In the process of troubleshooting, I noticed that under the HP Systems Management Homepage, one of the drives in the RAID1 array, had the following stats:

Hard Read Errors:  150
Recovery Read Errors:  7
Total Seeks:  0
Seek Errors:  0

I found these numbers to be very high in my experience. None of the other drives had anything close to this (in 4 years of running, only one other disk had a read error, a single one); this disk however had tons. For some reason the drive is still reporting as operational, when I’d expect it to be marked as a predicted failure, or failed.

While all online documentation was pointing towards locks on the array by software, from my own experience I think it was actually the array waiting for a read operation on the array, and it was this single disk that was causing a threshold to be hit in the driver, which caused a retry to recover the read operation.

Called up HPe support, I mentioned I’d like to have the drive replaced. The support engineer consulted her senior engineer and reviewed the evidence I presented (along with ADU reports, and Active Monitoring health reports), the senior engineer concurred that the drive should be replaced.

Replacing the drive resolved the issue. I’m also noticing a performance increase on the array as well.

Make sure to always check the stats on the individual components of your RAID arrays, even if everything is operating sound.

Sep 10 2016
 

When initiating manual backups or occasionally when automatic/scheduled backups run, a user may notice that Windows Server Backup may appear to “hang” when the status is reporting: “Preparing media to store backups…”.

In some rare cases, it may actually be in a hang state, however most of the time, it’s actually consolidating and/or checking previous backups on the destination media.

To Confirm this:

Open the Task Manager as Administrator, then click on the “Performance” tab, click on “Open Resource Monitor”. Flip over to the “Disk” tab, expand “Disk Activity”, and sort by name. You should see the read requests on the destination media, you’ll also notice that it is slowly progressing consecutively through each backup set (increments of 1, accessing multiple at a time).

This confirms that the Windows Server Backup services are functioning and it is in fact running. In one case, I had 723 previous backups, and it took around 50 minutes to count from 1 to 723, and then the backup finally proceeded.

I have also seen this occur when a previous backup failed or was cancelled. This occurs with Windows Server Backup on Windows Server 2008, Windows Server 2008 R2, and Windows Server 2012 R2.

Sep 08 2016
 

If you’re like me, you probably have your Microsoft account configured the same as your e-mail address. While many people use @live.com or @hotmail.com addresses, some of us prefer to use our actual real e-mail addresses as Microsoft account logins.

Recently, I did a fresh install of Windows 10 on my Microsoft Surface Pro. After joining the Surface to my domain, and attaching my Microsoft account, I went to add my Exchange account (which is the same e-mail address I use for my Microsoft account). When trying to add, I was presented with:

There’s already an account set up to use <e-mail address>. (Account Name)

This message stopped me from configuring my Exchange account with the Windows 10 Mail, Calendar, and People apps. Researching this, I noticed numerous other people reporting this problem on multiple forums, however no one had a fix.

It appears there is a conflict with the Microsoft Account (which of course has its own mail, calendar, and contacts), and a separate account with the same e-mail address.

To resolve this, I restarted the machine, and logged in using a different account. I then went to “System” under control panel, “Advanced System Settings”, “Advanced” tab, then “Settings” under “User Profiles”. I then proceeded to delete the user profile and restart the system. I confirmed the user profile was fully deleted and then logged back in. Now at this point, the key is to create the Exchange (or any other mail account) before you actually attach your Microsoft account to your system login account. By configuring the e-mail account first, it will avoid this issue.

PLEASE NOTE: By deleting your user profile, you delete all of the contents of the Desktop, My Documents, Music, Pictures, settings, etc… I’d only recommend this if you have either backed up, or are performing this on a fresh install where you currently don’t have any files.

Aug 20 2016
 

I just wanted to create a post about this file. I’m sure some admins have seen this and wondered what it was: the “BitlockerActiveMonitoringLogs” file on the system root directory, present on Microsoft Exchange 2013 servers.

I first noticed this on a client’s setup, at first assuming the worst and believing the system may have been compromised. However I have seen this file on multiple Exchange installs, on multiple clients, even in my own environment, and can confirm it is present no matter what the CU release level is, thus confirming it has nothing to do with being compromised.

Date modified I’m expecting reflects last system boot-up.

Surprised to see that there are no articles online regarding this file when searching for it specifically, so I decided to create this post to let you know you’re not alone, and the file probably is a system file.

Jul 30 2016
 

I write today to report a minor glitch I have identified and confirmed with 2 different HPe MSA 2040 SANs. I’ve identified the issue with multiple firmware versions (even the latest version as of the date of this article being written). The issue stops e-mail notifications from being sent from the MSA 2040 when the SAN is configured with some SMTP relays.

The main concern is that some administrators may configure the notification service believing it is working, when in fact it is not. This could cause problems if the SAN isn’t regularly monitored and if e-mail notifications alone are being used to monitor its health.

 

Configuration:

-MSA 2040 Dual Controller SAN configured with SMTP notifications

-SMTP destination server configured as EXIM mail proxy (in my case a Sophos UTM firewall)

 

Symptoms:

-Test notifications are not received (even though the MSA 2040 confirms OK on transmission)

-Real notifications are not received

-Occasionally if numerous tests are sent in a short period of time (5+ tests within 3 seconds), one of the tests may actually go through.

 

Events and Logs observed:

/var/log/smtp/2016/06/smtp-2016-06-20.log.gz:2016:06:20-20:44:29 SERVERNAME exim-in[16539]: 2016-06-20 20:44:29 SMTP connection from [SAN:CONTROLLER:IP:ADDY]:36977 (TCP/IP connection count = 1)

/var/log/smtp/2016/06/smtp-2016-06-20.log.gz:2016:06:20-20:44:29 SERVERNAME exim-in[18615]: 2016-06-20 20:44:29 SMTP protocol synchronization error (input sent without waiting for greeting): rejected connection from H=[SAN:CONTEROLLER:IP:ADDY]:36977 input=”NOOP\r\n”

 

Resolution:

To resolve this issue, I tried numerous things however the only fix I could come up with, is configuring the SAN to relay SMTP notifications through an Exchange 2013 Server. To do this, you must create a special connector to allow SMTP relaying of anonymous messages (security must be configured on this connector to stop SPAM), and further modify security permissions on that send connector to allow transmission to external e-mail addresses. After doing this, e-mail notifications (and weekly SMTP reports) from the SAN are being received reliably.

 

Additional Notes:

-While in my case the issue was occurring with EXIM on a Sophos UTM firewall, I believe this issue may occur with other E-mail servers or SMTP relay servers.

-Tried configuring numerous exceptions on the SMTP relay with no effect.

-Rejected e-mail messages do not appear in the mail manager, only the SMTP relay log on the Sophos UTM.

-Always test SMTP notifications on a regular basis.
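
One way to catch this from the relay side, since the SAN itself reports OK: count connections and synchronization-error rejects per sending host in the Exim log. This is an added PowerShell example, not from the original post; the log lines are constructed in the format shown above, and 192.0.2.10 stands in for the SAN controller address.

```powershell
# Added example: per-sender count of SMTP connections versus
# "protocol synchronization error" rejects in an Exim log.
function Get-SmtpSyncRejectSummary {
    param([Parameter(Mandatory = $true)][string[]]$Line)

    $stamp   = '(?<when>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}) '
    $connect = $stamp + 'SMTP connection from \[(?<sender>[^\]]+)\]'
    $reject  = $stamp + 'SMTP protocol synchronization error \((?<reason>[^)]*)\): ' +
               'rejected connection from H=\[(?<sender>[^\]]+)\](:\d+)? input="(?<input>.*)"'

    $stats = @{}
    foreach ($l in $Line) {
        if     ($l -match $reject)  { $kind = 'reject' }
        elseif ($l -match $connect) { $kind = 'connect' }
        else   { continue }

        $s = $Matches['sender']
        if (-not $stats.ContainsKey($s)) {
            $stats[$s] = [pscustomobject]@{
                Sender = $s; Connections = 0; Rejected = 0
                LastReason = $null; LastInput = $null; LastSeen = $null
            }
        }
        $row = $stats[$s]
        $row.LastSeen = $Matches['when']
        if ($kind -eq 'connect') {
            $row.Connections++
        } else {
            $row.Rejected++
            $row.LastReason = $Matches['reason']
            $row.LastInput  = $Matches['input']   # what the client sent before the greeting
        }
    }
    $stats.Values | Sort-Object Rejected -Descending
}

# Constructed sample lines (not real log data).
$sample = @(
    '2016:06:20-20:44:29 SERVERNAME exim-in[16539]: 2016-06-20 20:44:29 SMTP connection from [192.0.2.10]:36977 (TCP/IP connection count = 1)'
    '2016:06:20-20:44:29 SERVERNAME exim-in[18615]: 2016-06-20 20:44:29 SMTP protocol synchronization error (input sent without waiting for greeting): rejected connection from H=[192.0.2.10]:36977 input="NOOP\r\n"'
    '2016:06:20-20:45:02 SERVERNAME exim-in[16539]: 2016-06-20 20:45:02 SMTP connection from [192.0.2.10]:36981 (TCP/IP connection count = 1)'
    '2016:06:20-20:45:02 SERVERNAME exim-in[18620]: 2016-06-20 20:45:02 SMTP protocol synchronization error (input sent without waiting for greeting): rejected connection from H=[192.0.2.10]:36981 input="NOOP\r\n"'
    '2016:06:20-20:46:10 SERVERNAME exim-in[16539]: 2016-06-20 20:46:10 SMTP connection from [192.0.2.25]:50112 (TCP/IP connection count = 1)'
)

# A sender whose Rejected count equals its Connections count delivered nothing.
Get-SmtpSyncRejectSummary -Line $sample |
    Where-Object { $_.Rejected -gt 0 } |
    Format-Table Sender, Connections, Rejected, LastReason, LastInput -AutoSize
```

To run it on real data, pass the lines of a decompressed relay log instead of $sample, for example with Get-Content.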

Mar 26 2016
 

An issue that’s been making me rip my hair apart for some time… And a fix for you experiencing the same.

 

Equipment:

HP Proliant DL360 G6 Server (with a P800 Controller) running Server 2012 R2 and Backup Exec 2014

HP MSL-2024 Tape Library with a single HP SAS LTO-6 Tape Drive

 

Symptoms:

-After a clean restart, a backup job completes successfully. Subsequent jobs fail until server or services restarted.

-While the initial backup does complete, errors/warnings can be seen in the adamm.log and the Event Viewer even when successful.

-Subsequent backups failing report that the device is offline. The Windows Device Manager reports everything is fine.

-Windows Server itself does not report any device errors whatsoever.

 

Observations:

[5648] 03/05/16 07:50:46 Adamm Mover Error: DeviceIo: 03:07:00:00 – Device error 1167 on “\\.\Tape0”, SCSI cmd 0a, 1 total errors
[5648] 03/05/16 07:55:46 Adamm Mover Error: DeviceIo: 03:07:00:00 – Refresh handle on “\\.\Tape0”, SCSI cmd 00, new handle 214, error 0
[5648] 03/05/16 07:55:46 Adamm Mover Error: DeviceIo: 00:00:00:00 – Retry Logic: Retry logic was engaged on device: HP       Ultrium 6-SCSI
[5648] 03/05/16 07:55:46 Adamm Mover Error: DeviceIo: 00:00:00:00 – Retry Logic: Original settings restored on device: HP       Ultrium 6-SCSI

Event ID 58053
Backup Exec Alert: Storage Error
(Server: “WhatsMySRVRname”) The device state has been set to offline because the device attached to the computer is not responding.

Ensure that the drive hardware is turned on and is properly cabled. After you correct the problem, right-click the device, and then click Offline to clear the check mark and bring the device online.

[09968] 03/05/16 01:42:08.426 DeviceIo: 03:07:00:00 – Refresh handle on “\\.\Tape0”, SCSI cmd 17, new handle ffffffff, error 32
[09968] 03/05/16 01:42:08.426 DeviceIo: 03:07:00:00 – Refresh handle on “\\.\Tape0”, SCSI cmd 1a, new handle ffffffff, error 32
[09968] 03/05/16 01:22:07.867 PvlSession::DismountMedia( 0, 0, 0 )
Job = {JOBHEXNUMBERZZZZZZ} “ServerBackup-Full”
Changer    = {CHANGERZZZZ} “Robotic library 0001”
Drive      = {MYBACKUPDRVXZZZZZ} “Tape drive 0001”
Slot       = 13
Media      = {MEDIAZIDZZZZ} “BARCODEID”
ERROR = 0xE0008114 (E_PVL_CHANGER_NOT_AVAILABLE)

[19812] 03/05/16 01:42:12.613 DeviceIo: 03:07:00:00 – Refresh handle on “\\.\Tape0”, SCSI cmd 1a, new handle ffffffff, error 32
[19812] 03/05/16 01:42:13.129 DeviceIo: 03:07:00:00 – Refresh handle on “\\.\Tape0”, SCSI cmd 00, new handle ffffffff, error 32
[19812] 03/05/16 01:42:13.645 PvlDrive::DisableAccess() – ReserveDevice failed, offline device
Drive = 1007 “Tape drive 0001”
ERROR = 0x0000001F (ERROR_GEN_FAILURE)

[19812] 03/05/16 01:42:13.645 PvlDrive::UpdateOnlineState()
Drive = 1007 “Tape drive 0001”
ERROR = The device is offline!

Event ID 1000
Faulting application name: wmiprvse.exe, version: 6.3.9600.17415, time stamp: 0x54505614
Faulting module name: MSVCR110.dll, version: 11.0.51106.1, time stamp: 0x5098826e

 

Research:

I spent a ton of time researching this… Old support threads were pointing me in all different directions, most of the threads being old, mentioning drivers, etc… Initially I thought it was hardware related, until through testing I got the gut feeling it was software related. There were absolutely no articles covering Backup Exec 2014 running on Windows Server 2012 R2 with this specific issue.

Tried a bunch of stuff, including swapping the P800 controller, for another HP P212. While it didn’t fix the issue, I gained some backup speed! 🙂

Updating the HP software (agents, providers, HP SMH, WBEM) had no effect.

Disabling the HP providers, and disabling the HP Monitoring, Insight, Management services had no effect whatsoever. Tried different firmware versions, also tried different drivers for the Library and Tape drive, no effect. Tried factory resets, no effect. Tried Library and Tape tools, all tests passed.

Disabled other monitoring software we have in place to monitor software/hardware on clients’ servers, no effect.

 

Resolution:

-Uninstalled the HP WBEM Providers and Agents.

-Added a “BusyRetryCount” 32-bit DWORD value of 250 (decimal) to the “Storport” key under “Device Parameters” in all the Tape Library and Tape Drive Registry entries. Example:

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\SCSI\Changer&Ven_HP&Prod_MSL_G3_Series\5&334e8424&0&000500\Device Parameters\Storport]
"BusyRetryCount"=dword:000000fa

This needs to be added to ONLY and ALL the tape device entries (under HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\SCSI\) for the Tape Library and Tape Drives. You will probably have to create the “Storport” key under the device’s “Device Parameters” key.
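
The registry change above, as an added PowerShell example that is not part of the original post. It assumes tape drives enumerate under Enum\SCSI with a “Sequential&” prefix alongside the “Changer&” prefix shown in the example key, and it only reports unless -Apply is passed from an elevated prompt.

```powershell
# Added example: audit (and with -Apply, set) Storport\BusyRetryCount on tape devices.
# Assumption: libraries enumerate as "Changer&..." (as in the post's example key)
# and tape drives as "Sequential&..." under Enum\SCSI. Run elevated.
[CmdletBinding(SupportsShouldProcess = $true)]
param(
    [int]$BusyRetryCount = 250,    # decimal 250 = dword:000000fa, the value from the post
    [switch]$Apply                 # without it, nothing is written
)

$enumRoot = 'HKLM:\SYSTEM\CurrentControlSet\Enum\SCSI'

# Device-type keys for tape hardware only; disks and other SCSI devices are skipped.
$tapeTypes = Get-ChildItem -LiteralPath $enumRoot |
    Where-Object { $_.PSChildName -match '^(Changer|Sequential)&' }

$report = foreach ($type in $tapeTypes) {
    foreach ($instance in Get-ChildItem -LiteralPath $type.PSPath) {
        # $instance.Name is the full HKEY_LOCAL_MACHINE\... path of the device instance.
        $storport = "Registry::$($instance.Name)\Device Parameters\Storport"

        # Read the current value, if the Storport key and value already exist.
        $current = $null
        if (Test-Path -LiteralPath $storport) {
            $current = (Get-ItemProperty -LiteralPath $storport).BusyRetryCount
        }

        $action = 'none'
        if ($current -ne $BusyRetryCount) {
            $action = 'would set'
            if ($Apply -and $PSCmdlet.ShouldProcess($storport, "Set BusyRetryCount=$BusyRetryCount")) {
                if (-not (Test-Path -LiteralPath $storport)) {
                    New-Item -Path $storport -Force | Out-Null   # creates the Storport key
                }
                New-ItemProperty -LiteralPath $storport -Name 'BusyRetryCount' `
                    -PropertyType DWord -Value $BusyRetryCount -Force | Out-Null
                $action = 'set'
            }
        }

        [pscustomobject]@{
            Device   = $type.PSChildName
            Instance = $instance.PSChildName
            Previous = $current
            Action   = $action
        }
    }
}
$report | Format-Table -AutoSize
```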

After doing this, the backups run consecutively with absolutely no issues. The event log is CLEAN, and Adamm.log is clean, and the “Faulting application name: wmiprvse.exe” errors in the event log no longer occur.

Fixed!

 

Additional Notes:

-Both “fixes” were applied at the same time. I believe the WBEM providers/agent caused the Event ID 1000 errors on WMIPRVSE.exe. While the registry keys alone may have possibly resolved the backup issues, I believe there still would have been an underlying issue with WMIPRVSE.exe faulting that could have other consequences.

-I do not believe the original installation of the HP WBEM providers caused the issue, I have a feeling a subsequent Windows Update, Backup Exec update, other module update, or an update to the HP software may have caused the issue to occur at a later time than original install. I do remember we didn’t have an issue with the backups for months, until one day it started occurring.

-I will be re-installing the HP providers and agents at a later time. I will be uninstalling all of them, and re-installing from scratch the latest versions. I will post an update with my results.

-There is a chance the registry key is needed for the HP software to co-exist with Backup Exec backups for this configuration.

-There is a chance that the registry key isn’t needed if you never load the HP software.

Mar 05 2016
 

Just wanted to write about a couple issues that I’ve seen occur after migrating customers from Microsoft Small Business Server to Microsoft Server 2012 R2 (with Essentials Experience role), with Microsoft Exchange 2013 On-Premise.

Migration documents that were available were used at the time of migration. We still observed these issues after following them. Please note that since these issues occurred, migration documents may have been updated.

Windows SBS Company Web Connector ServerName

After the migration was complete we started seeing event logs pertaining to a “Windows SBS Company Web Connector ComputerName”, often mentioning it’s referencing an object in the Deleted Items container, also referencing the connector is not being activated due to no routes available.

Event ID: 5016

Microsoft Exchange could not discover any route to connector CN=Windows SBS Company Web Connector SERVERNAME,CN=Connections,CN=Exchange Routing Group (XXXXXXXXXXXXXXXXX),CN=Routing Groups,CN=Exchange Administrative Group (XXXXXXXXXXXXXXXXX),CN=Administrative Groups,CN=First Organization,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=domainname,DC=local in the routing tables with the timestamp 3/5/2016 1:55:34 PM. This connector will not be used.  Total source server count: 1; unknown source server count: 1; unrouted source server count: 0; non-active source server count: 0.

What is happening is that a “Foreign Connector” is still present in the Active Directory and Exchange Configuration for the SBS environment’s SharePoint e-mail to web feature. In my client’s environments SharePoint is no longer used, so it is safe for us to delete this connector. Only delete this connector if you know you’re not using it (it is used for SharePoint e-mail to web feature).

To list and get information on the orphaned connector, open Exchange Powershell and run:

Get-ForeignConnector | Format-List

To delete the orphaned connector, enter the following command in Exchange Powershell and update the connector name to match the name shown in the command above:

Remove-ForeignConnector "Windows SBS Company Web Connector SERVERNAME"

This will remove the orphaned connector and clean up these errors from occurring. You can also remove the connector using ADSIEDIT, however I prefer to use ADSIEDIT as a last resort, and find this method not only easier, but cleaner.

 

SMTP rejected a (P1) mail from ‘HealthMailboxHEXHEXHEXHEX@domain.local’

Initially post-migration we started observing this event on the server. Mail flow was not affected and everything was functioning properly.

Event ID: 1025

SMTP rejected a (P1) mail from ‘HealthMailboxXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX@DOMAIN.local’ with ‘Client Proxy EXCHSRVR’ connector and the user authenticated as ‘HealthMailboxXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX’. The Active Directory lookup for the sender address returned validation errors. Microsoft.Exchange.Data.ProviderError

 

Additionally, on our corporate firewall (that provides anti-spam), we would observe numerous undeliverable bouncebacks on outgoing messages to the e-mail address “inboundproxy@contoso.com” with the subject “Inbound proxy probe”. These messages occur on exact 5 minute intervals continuously.

Using Exchange powershell to view the active Health Mailboxes, we see that each of these bounce backs are being stored on a particular health mailbox. Essentially the mailbox will continue to grow. Due to the growth, this issue needs to be resolved so the mailbox doesn’t continue to grow in size.

Numerous things can cause this, however in our case looking at transport logs, it is seen that a HealthMailbox is sending e-mail to another HealthMailbox but using an incorrect e-mail address. The Health Mailboxes on the Exchange server have “domain.com” e-mail addresses, while according to the transport logs, the e-mails are being sent to “domain.local”.

Something got mixed up, either with provisioning the Exchange E-Mail address policies, or the domain configured as “default domain”. Either way, Exchange is configured and running, so I wanted to correct this in a manner that would have minimal consequences or changes to the system.

To correct this issue, we need to go in to ADSI edit and modify the “ProxyAddresses” value for the HealthMailbox. Note that any type of mailbox can have numerous aliases and a single default alias. Inside of ADSIEdit for “ProxyAddresses” the value/format is case-sensitive, and uppercase SMTP configures default e-mail address, while lowercase smtp configures alternative aliases. An example value: “SMTP:alias@domain.com” for default, or “smtp:alternative@domain.com” for an alternative alias.

Identifying the account from the event log (note the XXXXXXXXXXXXXXXX in the example), we found the account in the Monitoring Mailboxes container inside of ADSIEdit. We right-clicked on the specific HealthMailbox account, went to properties, and found the “ProxyAddresses” value. We then proceeded to create a new alias by clicking edit, using lowercase smtp and created “smtp:HealthMailboxXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX@DOMAIN.local” and added it to the list, we did not modify or delete any existing values. All we did is create an alternative alias.

So now the Health Mailbox is receiving e-mail for both “@domain.com”, and “@domain.local”. Immediately the bounce-backs stopped, and event logs disappeared.

PLEASE NOTE: For this fix to work, you MUST confirm that the issue is due to the domain .com and .local mismatch. I’m not quite sure, but this issue may also occur after changing the default domain, or default e-mail address policies, in which case you still could use this technique to resolve the issue.
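
The ADSIEdit change above expressed in PowerShell, as an added example rather than the procedure used in the original post. It assumes the RSAT ActiveDirectory module and that the object’s name in AD is the HealthMailbox string from Event ID 1025; domain.local is a placeholder, and nothing is written unless -Apply is passed.

```powershell
#Requires -Modules ActiveDirectory
# Added example: give one HealthMailbox an extra lowercase "smtp:" alias.
# Assumptions: the AD object's Name is the HealthMailbox... string from
# Event ID 1025, and domain.local is the internal domain (placeholder).
[CmdletBinding(SupportsShouldProcess = $true)]
param(
    [Parameter(Mandatory = $true)][string]$HealthMailboxName,
    [string]$InternalDomain = 'domain.local',
    [switch]$Apply
)

Import-Module ActiveDirectory

$found = @(Get-ADUser -Filter "Name -eq '$HealthMailboxName'" -Properties proxyAddresses)
if ($found.Count -ne 1) {
    throw "Expected exactly one object named '$HealthMailboxName', found $($found.Count)."
}
$mbx = $found[0]

# The prefix is case-sensitive in meaning: "SMTP:" marks the single default
# address, "smtp:" marks additional aliases. -clike compares case-sensitively.
$primary = @($mbx.proxyAddresses | Where-Object { $_ -clike 'SMTP:*' })
$aliases = @($mbx.proxyAddresses | Where-Object { $_ -clike 'smtp:*' })

$address  = '{0}@{1}' -f $HealthMailboxName, $InternalDomain
$newAlias = 'smtp:' + $address      # lowercase: an alias, never a new default

# Already present on this mailbox (as default or alias)?
$present = @($mbx.proxyAddresses | Where-Object { $_ -like "*:$address" }).Count -gt 0

# A proxy address must be unique in the directory; LDAP matching here is
# case-insensitive, so this finds the address under either prefix.
$owners = @(Get-ADObject -LDAPFilter "(proxyAddresses=smtp:$address)" |
    Where-Object { $_.DistinguishedName -ne $mbx.DistinguishedName })

$action = 'none'
if ($owners.Count -gt 0) {
    $action = 'blocked: address is used by another object'
} elseif (-not $present) {
    $action = 'would add'
    if ($Apply -and $PSCmdlet.ShouldProcess($mbx.DistinguishedName, "Add $newAlias")) {
        # -Add appends one value; existing proxyAddresses values are left as they are.
        Set-ADUser -Identity $mbx -Add @{ proxyAddresses = $newAlias }
        $action = 'added'
    }
}

[pscustomobject]@{
    Mailbox       = $mbx.Name
    Default       = $primary -join '; '
    Aliases       = $aliases -join '; '
    ProposedAlias = $newAlias
    Action        = $action
}
```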

Hope this helps some of you, cheers!

Feb 27 2016
 

I was one of the lucky few who were able to pre-order a Microsoft Lumia 950XL when orders were first available. I received it late 2015, and absolutely love it. I’ve been a Microsoft Insider (on the Fast Insider Build track), and I’ve been keeping up to date with testing new firmware, software, etc…

Today, I’m writing to talk about a new platform called “Continuum”. Microsoft developed this as part of the Windows 10 landscape for mobile devices. To describe Continuum in one simple short sentence: Continuum provides a desktop like Windows experience with your phone.

No, the desktop experience does not render on the phone screen itself, but when connecting to a Microsoft Display dock, or Miracast wireless projection device, Continuum provides you with a full screen “Windows-like” environment where you can run Windows 10 universal apps, Microsoft Outlook, Word, PowerPoint, etc…

Desktop and Start Menu on Continuum

This essentially turns your phone in to a fully functional computer, allowing you to connect peripherals such as keyboards, mice, USB drives, printers, the list goes on… This is the ultimate tool for the road warrior, you can hook up to any display (or TV), keyboard and mouse (or use the phone screen as a track pad), and edit Word documents on the fly, surf the internet with a full screen browser, or Remote Desktop (RDP) in to your corporate computer. Another awesome capability is to use the Microsoft Wireless Display adapter on a projector for presentations, to wirelessly stream PowerPoint presentations from your phone to the projector.

Word New Document on Continuum

 

Word on Continuum

 

Excel on Continuum

 

Now here is where things get interesting! I always hear about new technologies, and while most are gimmicks, I find that Continuum is something that can very much be used regularly in real world scenarios, benefiting those who use it.

For most corporate mobile users, they often rely on their mobile laptops to check e-mail (Outlook), work on documents (Word, Excel) while most of their other work is actually performed through Remote Desktop, Remote Desktop Services, some other terminal services based remote access solution, or even PCoIP access to virtualized desktops. These remote solutions enable access to a company’s LoB (Line of Business) applications, which could be for sales, inventory management, CRM, ERP, SAP, you name it!

In order to access a Terminal Services Server (Remote Desktop Server), or a Virtualized Desktop, you need a basic device that can connect to these services.

Here comes Continuum to save the day. No longer is a laptop required, or the licensing that comes along with it. You now have the entire Microsoft Office suite, an LTE hotspot, VPN client, and a fully functional Remote desktop client in your pocket that you can access anytime.

Server list on Continuum

Active RDP session using Continuum

I loaded up the “Remote Desktop (Preview)” app on my phone to test it out. Right now we are using the Preview as it fully supports Windows 10 for mobile both on the phone display, and inside of Continuum. I’m able to connect to my corporate VPN remotely (using the phone’s VPN client), and initialize a Remote Desktop connection to my work computer. I am now completely using my work computer remotely, using any application, and even routing sounds back to my display on Continuum. The uses for this are endless.

I have to say I’m very impressed. With this technology just being released, it performs surprisingly well. Believe it or not, I’m actually writing this blog post using Microsoft Edge on Continuum using my Microsoft Lumia 950XL. All while the phone is still available and can be used separately, as long as the Continuum link remains open.

I think there are going to be some interesting times ahead, and I’m hoping that companies like VMware develop a VMware View client for Windows 10 as Continuum could be a perfect PCoIP client for a virtualized desktop.

I’ve attached some extra screenshots below, and a few links providing information on Microsoft Continuum and the Microsoft Lumia 950XL running Windows 10 for Mobile.

 

Screenshots of actual use:

 

Pictures of Devices:

 

Informational Links:

Continuum
https://www.microsoft.com/en-ca/windows/Continuum

Microsoft, on Continuum for phone
http://windows.microsoft.com/en-ca/windows-10/getstarted-continuum-mobile

Microsoft Lumia 950 XL
https://www.microsoft.com/en/mobile/phone/lumia950-xl-dual-sim/

Microsoft Display Dock
https://www.microsoft.com/en/mobile/accessory/hd-500/

Microsoft Wireless Display Adapter
https://www.microsoft.com/hardware/en-ca/p/wireless-display-adapter

Windows Continuum for Phones (Provided by YouTube: Windows)

 

Nov 26 2015
 

Well, I received my new Microsoft Lumia 950 XL Windows Phone yesterday. Played with it all night (mostly setting it up). I have to say I’m very impressed with both the device, and the Windows 10 mobile operating system on mobile devices.

Let me start off by saying that I’ve actually had Windows 10 loaded up on my Lumia 1020 for the past week and a half (after hearing that the latest insider build is the same build that was shipping on the new Windows 10 devices). Jumping to Windows 10 absolutely rocked. The new operating system is a major step in moving forward in a mobile operating system for phones. I’ll get in to this later on in the article.

Unboxing:

As you can see, they shipped me the Dual SIM variant of the device which was a nice surprise.

Opening the box, it was a very simplistic and nicely organized layout inside. One thing that I immediately noticed was no headphones/headset (which is somewhat surprising as Microsoft is really pushing their Groove Music service, along with Xbox Music Pass). Either way, I can probably use my Lumia 1020’s headphones. I’m sure there’s a ton of headsets available on the Microsoft Store as well.

First, the device feels absolutely lovely in your hands. I ordered the black, and it’s very sleek. The device has a massive screen, and a simple “Microsoft” logo at the top of it. The back has the Microsoft Logo, along with the PureView Zeiss markings, and of course the camera.

The back cover pops off (this took me a while as I didn’t want to break or damage any clips). I’m not sure how easily these break, but I would advise taking your time opening it to install the SIM as well as the Micro SD card. One thing I noticed that was interesting is how the buttons are mounted on the back of the case that pops off. The design shows promise in that if anything is broken, it should be easy to replace the back cover. It would be nice if Microsoft made these parts available for purchase for people who remove/replace these on a regular basis. I’m sure the buttons become a casualty. Under the cover you’ll find the Micro SD slot, 2 X SIM slots, and a replaceable battery (replaceable battery is a nice touch).

 

Plugging in the device, you go through the usual Windows Phone setup which has now been updated to Windows 10. You’ll notice the menus and interfaces are beautifully animated in simplistic ways that are pleasant for the user. I elected NOT to restore a backup, as I wanted to start from scratch (especially since my last backup was completed on an Insider Fast build). This gives me a chance to start from scratch, choose the apps I want (discard ones I don’t use any longer), and set up new personalizations.

You’ll notice once completing the configuration wizard, the display is absolutely BEAUTIFUL! The display features a massive screen, with a high resolution that you can enable a view of more tiles if required (note, if you enable the “View more tiles” feature, the text size remains the same and may limit visibility of text displayed inside of tiles. This is not a problem, rather an observation).

 

Immediate Observations:

-Beautifully animated interface for OS

-Massive screen, easy to read

-Easy to hold phone, feels comfortable in hand/hands.

-Microsoft nailed Windows 10 on mobile devices… Literally, nailed it!

-Texting/typing is super easy and pleasant now for people with big hands. I’ve been hating texting up to this point simply because I find it so hard to type on smaller screens. The 950XL screen size is perfect.

-Text messaging layout is amazing

-Skype video calls work beautifully

-Lots of new UI enhancements moving to Windows 10

-Continuum (desktop experience powered by the phone when connected to video/keyboard/mouse) sounds promising. I have not tested this.

-The Camera takes beautiful pictures, also a nice surprise was 60fps 1080p video recording, also 2160p video recording at 30fps.

-Iris scanner built in for logging on to phone (no more PIN codes). I’ve been using this and absolutely love it!

-Bluetooth pairing extremely reliable

-Service/Cell reception is better than my penta-band Lumia 1020!

-Major improvements to Microsoft Outlook, and now have the entire Microsoft Office suite on the device itself.

 

After spending a night and morning with it, this is my new favorite toy. I’ve so far had absolutely zero deal breaking issues with it, I will report back later on how battery life is.

 

There are 3 major things I want to discuss with this device:

Windows 10 for Mobile Device

This truly is the next step not only for the desktop based operating system, but for mobile devices as well. Numerous improvements can be seen in this OS both on the desktop and mobile platform. What’s really interesting is how Microsoft is converging these platforms and almost essentially merging them both in to one thing, while identifying and maintaining the actual usages for the device that is running the OS, Windows 10.

Going specifically in to phone devices, Microsoft has truly taken its own path in to what it believes the most user friendly mobile platform should be. In my opinion, I think they have hit it dead on. The operating system focuses both on ease of use, and the usual simple little dumb apps that are used for simple tasks in one’s personal life, but at the same time is a very powerful tool for both business usage, along with keeping one connected, integrated, and in touch with things that are important for both business and life.

Cortana is a move with Windows 10 to provide an assistant which most think compares/competes with Siri on Apple’s iPhone, but while it does compete, she’s actually a totally different gal! Cortana integrates all of one’s Windows 10 devices, providing an assistant to life, as well as with the integration among devices. This provides someone with an interface to all their data, devices, and technologies behind each of the devices, to any outlet/device that runs Cortana. We are slowly seeing these technologies being introduced and enabled, I think it’s just the beginning of something great!

Microsoft is pushing for developers of Windows 10 apps to provide design that allows the app to run fluidly among both desktop and mobile platforms. This allows a single app to be installed and run on both platforms, allowing users to have a converged experience on both their desktop and mobile devices. This means your apps, data, and uses are seamless in changing devices. This essentially allows you to do whatever you need to do, on any of your devices.

Ultimately, you’ve got more than “just a phone” in your hand! You have a device that can do whatever you want, whenever you want! You could say Windows 10 is your window to the world! I know it’s cheesy, but it came to mind and holds true.

 

Iris Scan for Log on/Authentication

One thing I wasn’t aware of getting with this device, was the Iris scanner. While setting up the phone, it prompted to configure this and I thought, “There’s no way this phone has an Iris scanner”… Well, it does! Configured, and did about 20 scans of my Iris to improve the authentication mechanism. It works great, and is very comfortable and quick to use when signing in to your phone! I’m curious to know exactly how accurate this is, also where the Iris data is being stored.

Traditionally I’ve always used a PIN, and set up time-outs for authentication appropriately, but have still had issues with friends getting their hands on my device in between the security time out. With this new Iris scanning authentication, I’ve set the phone to prompt for it every time the device is used.

Great technology! I’ve been using fingerprint scanners on my Lenovo laptops for some time, and love the feature. However, Iris authentication is taking it a whole step further. Question is, where can I buy an Iris scanner for my desktop?

Make sure you do tons of scans in different lighting, different angles, and make sure you’re looking in different directions so it can fully map your Iris. This will make signing in to the device that much easier.

 

App availability for Windows 10 (or Windows Phone in general)

With all this power, flexibility, and technology, the only disappointment is that more 3rd party developers aren’t developing their applications for the Windows 10 platform. While the phone has everything I need built in for business, I do use quite a few apps for personal uses. The kicker is that most of the apps are not developed by the actual company, but by 3rd parties (one example being 6tag for Instagram access). It would be nice for 3rd party companies to take notice of the Windows platform and embrace it, especially with what it has to offer.

I’ve said this before many times, Microsoft hasn’t marketed any of their Windows Phones well, going back all the way to Windows Mobile days. There has been more adoption in the United States due to events, marketing promos, etc… However in Canada I feel there is still a lack of marketing being done.

Essentially, I believe there needs to be 3 separate initiatives. One for business apps, one for personal/consumer, and finally app development.

Microsoft needs to partner with more partners, hold more events, and really work on their relationships with phone providers. It also wouldn’t hurt to provide funding to some 3rd party companies to push Windows app development (this has been done in the past by Nokia and Microsoft as far as I know, however a lot of apps that were created from this haven’t been updated in some time).

Now that there is a new flagship Lumia (The Lumia 950 XL), it will be getting out in the hands of the people, but we need apps!

 

Final Note:

This device is kick ass. I’d totally recommend it!