Nov 062017
 

Something that has bothered me for a very long time has been the fact that mobile devices (using Microsoft Exchange ActiveSync), automatically send read receipts if the sender has requested it without prompting the user. This means that if someone sends you an e-mail, requests and read receipt, and you open it on your mobile device; it will send a read receipt without prompting you or giving you a choice in the matter.

This is bad for a number of reasons such as spam (this is a big one, where they try to validate e-mail addresses), legal reasons, you don’t have the time to respond and don’t want a read receipt sent yet, or you simply don’t send read receipts…

Now, with Microsoft Exchange 2016 you can disable this so that mobile devices don’t automatically send these read receipts out. It’s a simple procure using Outlook on the web (previously known as Outlook Web Access, a.k.a OWA).

To disable automatic read-receipts:

  1. Log on to your OWA (Outlook on the web) server.
  2. Click on settings (the gear) on the top right
  3. Expand the “General” settings menu, and select “Mobile Devices” (as shown below)
  4. Check the checkbox for “Don’t send read receipts for messages read on devices that use Exchange ActiveSync”.

You’re done!

Nov 062017
 

After doing a migration from Microsoft Exchange 2013 to Exchange 2016 I noticed that my Offline Address Book (OAB) wasn’t being made available to Outlook clients.

When trying to perform a manual download (Send and Receive -> Download Address Book), it wasn’t in the list. Also when using the “Test EMail AutoConfiguration..” (by holding CTRL and right click on Outlook System Tray icon) to examine the AutoDiscover information, there was no OAB URL (OABUrl in XML) being sent to the clients.

I spent 3 hours trying to find out why this was happening (I assumed it was configuration and/or IIS authentication related). All my virtual directories and URLs were fine, and the OAB was being generated fine without any issues. It simply wasn’t being passed to Outlook clients. I couldn’t find any references of this occurring to other users.

I finally discovered that the “WebDistributionEnabled” configuration flag was marked to False, when it needs to be marked as True. This flag when set to true, allows it to be distributed (Note/Fun Fact: There’s a separate and different flag for older Exchange versions where the OAB is inside of the Public Folder Store). There’s also a different flag “GlobalWebDistributionEnabled”, which is recommended to be enabled as well on Exchange 2016. When setting this second flag to True, it also sets the first one above to True as well.

To fix it we’ll use Exchange PowerShell:

Let’s find the name of your Offline Address Book by running the command below:

Get-OfflineAddressBook

Now let’s set the “GlobalWebDistributionEnabled” flag to True using this next command:

Set-OfflineAddressBook -Identity “Default Offline Address Book (Ex2016)” -GlobalWebDistributionEnabled $true

And finally let’s confirm to make sure the changes take effect and look for the values of “GlobalWebDistributionEnabled” and “WebDistributionEnabled” using the command:

Get-OfflineAddressBook | fl

 

After making the above changes I recommend issuing an “iisreset” or restarting your Exchange Server. There will also be a delay where you’ll need to wait for your Outlook clients to refresh their autodiscover configuration. You can run the “Test Email AutoConfiguration…” to see if the OAB is now being passed to your clients.

Nov 052017
 

Today I came across an issue that I experienced with Microsoft Exchange 2013, and Microsoft Exchange 2016. The issue relates to using MAPI over HTTP with Microsoft Outlook 2016 (however I’m sure this affects earlier versions) clients.

MAPI over HTTP is used standard on Exchange 2016, or can be enabled manually on Exchange 2013 via running the command:

Set-OrganizationConfig -MapiHttpEnabled $true

 

You’ll notice that when domain joined computers are internal to the LAN, they will work fine and there will not be any password prompts coming from Microsoft Outlook. However, when a domain joined user leaves the LAN and is external to the network, they will start to receive password prompts like below:

Outlook Password Prompt

 

After spending hours, I found this fix resolves the situation and applies to both Exchange 2013, and Exchange 2016:

 

Open up Exchange PowerShell and change the authentication methods on the MAPI virtual directory. We will be removing the negotiate authentication mechanism. Use the command below:

Set-MapiVirtualDirectory -Identity “YOURSERVERNAME\mapi (Default Web Site)” -ExternalURL https://YOURSERVERNAME.YOURDOMAIN.com/mapi -IISAuthenticationMethods NTLM,OAuth

We now need to modify the Authentication settings inside of IIS to remove Negotiate from both the mapi and EWS directories. The command above may have removed it from mapi, but it’s still good to confirm and we still need to change it for EWS. Open IIS Manager, Expand “Default Web Site”. Select “EWS” on the left hand side, and then select “Authentication” on the Right side as shown below:

Select Windows Authentication and then click “Providers” on the right Action Pane. Now remove “Neogiate” from the list so that only NTLM remains, as shown below:

Repeat for the mapi on the left as well (Select “Default Web Site”, select “mapi” on the left hand side, and then select “Authentication” on the right side), and confirm that only NTLM is in the list of providers.

Open up command prompt and type “IISRESET” to reload IIS, or restart your Exchange Server!

Nov 052017
 

Around the end of September, I posted a blog article talking about Outlook 2016 prompting for password credentials due to a Office 2016 click to run update bug when using Microsoft Exchange. While they did just recently fix this by deploying a new update, I have since come across a new bug in the latest update.

I noticed multiple computers with Outlook 2016 Version 1710 (Build 8625.2121 Click-to-Run) started getting stuck with the Outlook icon on the system tray showing that it was sending and receiving. When opening Outlook, and hitting Send and Receive, nothing is shown.

When you hold down CTRL and right click on the Outlook icon, choose “Connection Status…”, then select the “Local Mailbox” tab, you’ll notice it gets stuck on “Email@address.com – Saving synchronization log” (as seen below).

I went ahead and tried all the usual troubleshooting steps like deleting and recreating the OST and Outlook Mail Profiles, but it still had no effect. I went ahead and completely uninstalled Microsoft Office, and reinstalled an older version. The issue DID NOT occur on the older version. Once updating to the latest, the bug re-occurred.

I’ve been scouring the internet for 2 days now trying to find information on this however I haven’t received any. This is most likely a new bug produced in the update that resolved the last bug. I will be posting updates when I hear more.

Oct 272017
 

I went to re-deploy some vDP appliances today and noticed a newer version was made available a few months ago (vSphere Data Protection 6.1.5). After downloading the vSphereDataProtection-6.1.5.ova file, I went to deploy it to my vSphere cluster and it failed due to an invalid certificate and a message reading “The OVF package is signed with an invalid certificate”.

I went ahead and downloaded the certificate to see what was wrong with it. While the publisher was valid, the certificate was only valid from September 5th, 2016 to September 7th, 2017, and today was October 27th, 2017. It looks like the guys at VMware should have generated a new cert before releasing it.

 

 

To resolve this, you need to repackage the OVA file and skip the certificate using the VMware Open Virtualization Format Tool (ovftool) available at https://code.vmware.com/tool/ovf/4.1.0

Once you download and install this, the executable can be found in your Program Files\VMware\VMware OVF Tool folder.

Open a command prompt and change to the above directory and run the following:

ovftool.exe –skipManifestCheck c:\folder\vSphereDataProtection-6.1.5.ova c:\folder\vdpgood.ova

This command will repackage and remove the certificate from the OVA and save it as the new file named vdpgood.ova above. Afterwards deploy it to your vSphere environment and all should be working!

 

Oct 192017
 

In the past few days, I’ve noticed that some Sophos UTM firewalls I manage for clients haven’t been sending their daily reports (or other notification e-mails). When I first noticed this, checking my own SMTP proxy, I noticed that the e-mails were being sent from the firewalls, but were being dropped due to an SPF check failure.

Originally I thought this may have just been an overnight glitch with the DNS providers, however I later noticed that it’s stopped all e-mails coming from all the UTMs.

Further investigation, I realized that by default, the Sophos UTMs send their firewall notifications (and configuration backups) from the domain “fw-notify.net”, specifically, the e-mail address “do-not-reply@fw-notify.net”. That’s when I had a brainfart and realized the e-mails weren’t being sent from my clients owned domains, but this fw-notify.net domain.

It appears that recently some SPF records have been created for the domain “fw-notify.net”, which is what is causing this issue. Also, I’m not quite sure if the domain underwent ownership change, or it his was overlooked by someone at Sophos.

I’m assuming numerous other longtime UTM users will be experiencing this as well.

To fix this, just log in to the problem UTMs, and change the notification Sender address as shown below to a domain you own. I changed mine to fw-notify@mydomainname.com (which has valid SPF since it’s my domains relay).

Oct 182017
 

After installing Windows 10 Fall Creators Update (Windows 10 Version 1709), I’m noticing that on one of my multi-monitor machines it’s showing blue colors as purple on one of the displays.

This is very visible when highlighting text, viewing the blue Facebook logo and banner, or any other blue content. When dragging something across both displays (window is shown on both displays) you can see the color differences. However, one interesting thing, is that when dragging from one display to the other, for the last 10% or so when moving, it’ll quickly change to the proper blue before leaving the display, which means this is software related since it will briefly show the proper blue.

After spending over an hour troubleshooting, it’s totally unrelated to monitor drivers (color configurations), video drivers, etc… and I cannot find any configuration to fix this. Also, searching on the internet I cannot find any other occurrences.

Please comment if you have any information, or are experiencing the same issue!

 

Update: I’ve seen 2 other posts of people reporting issues with colors, but no one is going in to detail. I’ve found that the color differences actually show up in screenshots as well (the color changes depending on which display it’s on).

 

Update October 25th, 2017 – Very odd update… I went ahead and tried using the “Calibrate display color”, and while I didn’t really change any settings, on completion of the wizard the colors are now fixed on my display. I’m thinking this is an issue or bug in Windows 10 Fall Creators Update.

Oct 182017
 

Well, it’s October 18th 2017 and the Fall Creators update (Feature update to Windows 10, version 1709) is now available for download. In my particular environment, I use WSUS to deploy and manage updates.

I went ahead earlier today and approved the updates for deployment, however I noticed an issue on multiple Windows 10 machines, where the Windows Update client would get stuck on Downloading updates 0% status.

I checked a bunch of things, but noticed that it simply couldn’t download the updates from my WSUS server. Further investigation found that the feature updates are packaged in .esd files and IIS may not be able to serve these properly without a minor modification. I remember applying this fix in the past, however I’m assuming it was removed by a prior update on my Windows Server 2012 R2 server.

If you are experiencing this issue, here’s the fix:

  1. On your server running WSUS and IIS, open up the IIS manager.
  2. Expand Sites, and select “WSUS Administration”
  3. On the right side, under IIS, select “MIME Types”
  4. Make sure there is not a MIME type for .esd, if there is, you’re having a different issue, if not, continue with the instructions.
  5. Click on “Add” on the right Actions pane.
  6. File name extension will be “.esd” (without quotations), and MIME type will be “application/octet-stream” (without quotations).
  7. Reset IIS or restart WSUS/IIS server

You’ll notice the clients will not update without a problem! Happy Updating!

Sep 292017
 

There is a new issue starting to be visible in the last couple days that I’ve noticed across 3 fully patched systems (Windows 10 running Outlook 2016 connecting to Exchange 2013).

When using Microsoft Outlook 2016 with Microsoft Exchange 2013, a password prompt becomes visible when opening an attachment in an e-mail. The attachment will open, however the prompt occurs after it’s opened, and only appears if an attachment is opened in the first place. The prompt will not appear if an attachment is never opened or highlighted (selected).

Outlook Password Prompt

When entering AD credentials, the prompt keeps re-appearing. When you hit cancel, Outlook will continue to function. You may also see the prompt shown below.

Exchange Password Prompt

After troubleshooting, I can confirm this is NOT related to any of the traditional “Outlook password prompt” issues that users normally experience due to misconfiguration, and I have a feeling this is related to either an Outlook 2016 update, or an update for Microsoft Windows 10 (and/or Microsoft Windows 7).

I’ve only found one other mention of this occurring on the internet which appeared a day ago, where multiple users are experience the same issue with Microsoft Office 365 with Microsoft Outlook 2016 with multiple operating systems (Windows 10 and Windows 7).

Microsoft Office Version: 1708 (Build 8431.2079)

As of right now I have no information on a fix, but I wanted to post this before other admins start ripping apart their Exchange servers trying to resolve this.

Please see below for a fix!

Update October 2nd, 2017: I’ve read that someone used the downgrade guide from Microsoft and downgraded their Outlook 2016 client to an earlier “Click-to-Run” 2016 version. This stopped the password prompt so it appears this issue has to do with the latest updates for Microsoft Office (Office 2016 and Office 365).

Update October 23rd, 2017: Still not fix, however Microsoft has finally acknowledged this issue. Information on their workaround can be found here. Essentially they’re recommending downgrading to a previous “Click to Run” version of Office.

Update November 3rd, 2017: Our Reader AC reported that Microsoft released a statement saying that they addressed this issue in the most recent flights (updates revisions for a line of products). I updated my Office 2016 Click-to-Run instance, and I am no longer receiving the password prompts. I will update in a few hours to confirm it stays this way!

To Update:
1) Open an Office Product (Such as word, outlook, etc…)
2) Click File
3) Click “Office Account”
4) Click “Update Options” on the right side
5) Click “Update Now” from the drop down

Update November 5th, 2017: I can confirm that the latest updates have fully resolved this issue, but create a new issue as well.

Jun 012017
 

Today I’m writing about something we all hate, issues with either limited or no cell phone reception. There’s pictures below so please scroll down and check them out!

We’ve all lived in a house or area where there’s no reception at some point in our life. In the house that I’m in right now, I’ve had no or limited reception for the past 2 years. Regularly I have missed calls (phone won’t ring, and I’ll receive a voicemail notification 2 hours later), or people will send me text messages (SMS) and I won’t receive them for hours. Sometimes if someone sends multiple SMS messages, I’ll actually even completely lose reception for 15 minute intervals (phone completely unusable).

This has been extremely frustrating as I use my phone a lot, and while I do have an office line, people tend to call your mobile when they want to get in touch ASAP. It became an even larger problem when clients started texting me for work emergencies. While I always stress to call the office, they are texting these more and more often.

Recently, to make the problem worse I switched from a Microsoft Lumia 950XL to a Samsung Galaxy S8+. When I received my new S8+, my phone wouldn’t even ring at all, while occasionally I could make an outbound call.

 

For these reception issues, there are typically 4 ways to resolve them:

  1. WiFi Calling
    1. Routes calls, SMS/MMS (texting), and cell services through a traditional Wifi access point. Unfortunately Canadian carriers just recently started to implement this, also you’ll need a supported carrier branded phone. Wifi calling usually won’t work if you’re using an unlocked phone, or purchased directly from manufactorer (you’ll need to buy a phone directly from your provider).
    2. Provides easy handoffs from Wifi calling to the native cell towers.
    3. Unfortunately, if you’re in a low reception area, you’re phone will continue to scan and struggle to connect to cell towers (even though it’s sitting in standby). This will consume battery power.
    4. Easy as it requires no special hardware except a phone and carrier that supports the technology.
  2. Femtocell/microcell/picocell
    1. This is a little device that looks similar to your wireless router or wireless access point.
    2. Connects to your provider using your internet connection. The device is essentially a mini cell tower that your phone will connect to using its normal cellular technologies.
    3. These are popular in the United States with multiple carriers providing options, however my provider in Canada doesn’t sell or use these. I could be wrong but I don’t think any providers in Canada carry these.
    4. Easy as it requires only a single small box similar to your wifi router, and a carrier that supports it.
  3. Cell Amplifier / Cell Booster
    1. A device with two antennas, one indoor and one outdoor. Install outdoor antenna facing closest cell tower, install indoor antenna in your house. This boosts and amplifies the signal coming in and going out.
    2. This option is more difficult as it requires mounting an antenna either outdoors (for best reception) or inside of a window. Also cabling must be laid to the booster which must be a specified distance away from the outside antenna. This can be overwhelming and challenging for some.
    3. Most expensive option if you don’t move.
  4. Move to a new house
    1. Most expensive option
    2. Chances it may not correct, or even make your reception issue worse
    3. New neighbors might be crazy

 

In my scenario, I decided to purchase a Wilson Electronics – weBoost Home 4G Cell Phone Booster Kit. With my lack of experience with boosters, I decided to purchase the most cost-effective option that supported LTE and also which was a refurbished unit. I figured if it worked, I could upgrade it in the future to a better model that was brand new and a model higher.

 

Please see the links below for information:

https://wilsonamplifierscanada.ca/ – Canada Online Store

https://www.weboost.ca/ – Manufacturer website with information on products

The model I purchased:

Refurbished Part#: 470101R

https://wilsonamplifierscanada.ca/weboost-home-4g-cell-phone-booster-kit-refurbished-470101r/

New Part#: 470101F

https://wilsonamplifierscanada.ca/weboost-home-4g-cell-phone-signal-booster-470101/

weBoost Home 4G Product Page

https://www.weboost.com/products/connect-home-4g (United States Web Site)

https://www.weboost.ca/products/connect-home-4g (Canada Web Site)

 

Well, after a few weeks the booster finally showed up! Everything was packed nicely, and I was pleasantly surprised about the quality of the materials (antennas, cables) and the unit itself. With my specific unit being a refurbished model, it looked great and you wouldn’t have been able to even notice.

The unit comes with mounting supplies for different mounting options. I could either mount it on a pole (such as the plumbing exhaust port on the roof), against the side of the house, or use the neat window mounting option for window placement (neat little window mount that uses suction cups to affix).

I already was aware of the location of two towers in my area and had previously used cell surveying utilities to find areas where reception was available. If you purchase a cell booster, you can either follow the instructions for finding the best placement with cell service, or you can use apps on your phone to find the best placement.

Here’s some pictures from unboxing and testing. Please click on the image to see a larger version of the image:

weBoost Home 4G 470101

weBoost Home 4G 470101 Cell Booster Kit

 

weBoost Home 4G 470101 Cell Booster

weBoost Home 4G 470101 Cell Booster Unboxed

 

weBoost Home 4G 470101 Cell Booster

weBoost Home 4G 470101 Cell Booster Refurbished

 

weBoost Home 4G 470101 Cell Booster Outside Antenna Window Mount

weBoost Home 4G 470101 Cell Booster Outside Antenna mounted on Window

 

 

weBoost Home 4G 470101 Cell Booster

weBoost Home 4G 470101 Cell Booster

 

weBoost Home 4G 470101 Cell Booster Inside Antenna

weBoost Home 4G 470101 Cell Booster Inside Antenna

 

weBoost Home 4G 470101 Cell Booster Turned on

weBoost Home 4G 470101 Cell Booster Turned on with full Green LED lights (operational)

 

And BAM! That was it, literally on the first test it worked great. Full bars in the basement with my main carrier! I tried a few other locations, and found at an alternative location, my other cell provider (I have 2 phones, with two providers), started to function as well!

 

See below for reception before and after:

 

As you can see there was a vast improvement! I tested it with phone calls, texts, MMS messages, and data, and it all worked fantastic! All lights on the booster were green (orange and/or red lights mean adjustments are needed).

Now since testing was complete, I decided to install it to make it look neat and tidy and hide all the wires.

I decided to leave it using the window mount since it was working so well (this was to avoid having to get on the roof, or drill in to the house). Underneath the window I have a cool-air intake so I was able to fish the antenna wire through the ventilation duct down to the basement. I was able to make everything look neat and tidy.

Below pics are final install:

Installed weBoost Home 4G 470101 Cell Booster

Installed weBoost Home 4G 470101 Cell Booster

 

Installed weBoost Home 4G 470101 Cell Booster

Installed weBoost Home 4G 470101 Cell Booster

 

Installed weBoost Home 4G 470101 Cell Booster Inside Antenna

Installed weBoost Home 4G 470101 Cell Booster Inside Antenna

 

The entire process was extremely easy and I’m very happy with the result. I’d highly recommend this to anyone with reception issues. This should be able to help as long as there is faint reception. Please note, if you’re in an area with absolutely no reception, then a booster will not function as there is nothing to boost.

You’ll probably need two people, both for testing the signal and adjusting the antenna, as well as fishing cable through your house. Most of the time required for my install was associated with running the wiring.

For testing signal strength, I used the “LTE Discovery” app on Android (https://play.google.com/store/apps/details?id=net.simplyadvanced.ltediscovery)