You may find yourself unable to download attachments on an e-mail message you received on your Android or Apple iPhone from your Microsoft Exchange Server. In my case, this presented a “Unable to download.” with a retry option. Retrying would not work.
If the attachment is larger (over 10MB), this is most likely due to a limit enforced on the Activesync site in IIS on your Exchange Server. In this post I’m going to tell you why this happens, and how to fix it!
Microsoft Exchange uses IIS (Internet Information Server) for numerous services including ActiveSync. ActiveSync provides the connectivity to your mobile device for your Exchange access.
IIS has numerous limits configured to stop massive bogus requests, reduce DDOS attacks, and other reasons.
To resolve this and allow the attachment to download, we need to modify two configuration values inside of the web.config file on IIS.
Below are the values we will be modifying:
MaxDocumentDataSize – Maximum file (message) data size for transfer. “Sets the maximum data size that we will fetch (range or othewise)”
maxRequestLength – “Specifies the limit for the input stream buffering threshold, in KB. This limit can be used to prevent denial of service attacks that are caused, for example, by users posting large files to the server. The default is 4096 KB.” (as per here)
These settings are configured in the following file:
There may be a situation where you wish to completely reinstall WSUS from scratch. This can occur for a number of reasons, but most commonly is due to database corruption, or performance issues due to a WSUS database that hasn’t been maintained properly with the normal maintenance.
Commonly, when regular maintenance hasn’t occurred on a WSUS database, when an admin finally performs it, it can take days and weeks to re-index the database, clean up the database, and run the cleanup wizards.
Also, due to timeouts on IIS, the cleanup wizard may fail which could ultimately cause database corruption.
Administrators often want or choose to blast away their WSUS install, and completely start from scratch. I’ve done this numerous times in my own environment as well as numerous customer environments.
In this guide, we are going to assume that you’re running WSUS on a Windows Server that is dedicated to WSUS and is using the WID (Windows Internal Database) which is essentially a built-in version of SQL Express.
PLEASE NOTE: If you are using Microsoft SQL, these instructions will not apply to you and will require modification. Only use these instructions if the above applies to you.
WSUS (Windows Server Update Services) relies on numerous Windows roles and features to function. As part of the instructions we’ll need to completely clear out:
WSUS Role, Configuration, and Folders/Files
IIS Role, Configuration, and Folders/Files
WID Feature, Configuration, and Database Files
Since we are completely removing IIS (Role, Configuration, and Folders/Files), only proceed if the server is dedicated to WSUS. If you are using IIS for anything else, this will completely clear the configuration and files.
Let’s get to it!
Open “Server Manager” either on the host, or remotely and connect to the host you’d like to reinstall on.
Open “Remove Roles and Features” wizard.
Click “Next”, and select the Server, and click “Next” again.
On the “Remove server roles” screen, under “Roles”, we want to de-select the following: “Web Server (IIS)” and “Windows Server Update Services” as shown below.
On the “Remove features” screen, under “Features”, we want to de-select the following: “Windows Internal Database” and “Windows Process Activation Service” as shown below.
Click “Next” and follow the wizard to completion and remove the roles and features.
Restart the Server.
Open an administrative command prompt on the server, and run the command “powershell” or open powershell directly.
Run the following command in powershell to remove any bits and pieces:
Windows Server Core (on Windows Server 2019) is a great way to reduce the performance and security footprint of your servers. The operating system itself is minimalist and provides no GUI accept for a command prompt, and some basic windows and tools.
All administration on Server Core must be performed via the command prompt, powershell, or remote administration tools (such as Server Manager, or the new Windows Admin Center.
Server Core provides a fantastic foundation for Windows Server Roles (roles that are integrated in the operating system), and can be installed with ease, managed remotely, and managed easily. It’s also nice too because you can allocate less CPU and RAM to virtual machines running Windows Server Core.
Getting started may be a bit tricky as you might need to learn and verse yourself with some commands, powershell, and remote management kung-fu, but overtime it’s easy!
I think I can speak for most admins out there when I say that a WSUS deployment typically consists of a single VM, with the WSUS, IIS, and WID roles installed.
WSUS is usually CPU and RAM intensive (when doing synchronizations), requires disk space, and doesn’t do much else. Because of the spikes, we usually keep this VM separate and don’t mix it with other LoBs or roles, with the exception of perhaps a file server.
Whether or not your VM runs WSUS alone, or also as a file server, since both of these roles are “Windows Roles and Features”, they are perfect to deploy on a Windows Server Core install.
There should be little administrative requirement on the WSUS server, other than re-indexing scripts, and cleanup scripts which can easily be ran from the command prompt, and the occasional Windows Update that will be installed.
Because you don’t require any 3rd party software, management consoles, or GUI related elements, it’s perfect for Server Core. By skipping on the GUI and applications, you’ll be able to allocate that memory, for WSUS/IIS itself.
How to Install and Configure WSUS on Windows Server Core
Install Windows Server 2019 – Server Core
Configure Network, Join to Domain, Update, etc.
Open “powershell” (by typing powershell) and Install the WSUS Role with the following command:
Install-WindowsFeature UpdateServices -Restart
Run the post installation task command to configure WSUS:
You’re running WSUS (Windows Server Update Services) on Windows Server 2019 Server Core, and you want to run the WSUS Re-Index or WSUS Cleanup script, but you can’t because you cannot install the SQL Management Studio on Windows Server Core.
Well, there’s a way around this. To run SQL scripts on the WID (Windows Internal Database) on Windows Server Core, we’ll need to install “sqlcmd” (info here).
Now normally with Microsoft SQL, you’d simply connect remotely using the SQL Management Studio, and you can if you’re using fully blown Microsoft SQL Server with your WSUS implementation, however most of us aren’t. In most small deployments, WSUS is configured using WID (Windows Internal Database) which is essentially Microsoft SQL Express.
Microsoft SQL Express doesn’t support remote named pipe connections, and there’s no easy way to configure TCP connections with the registry editor, so the easiest way to accomplish executing SQL scripts is to install and use the “sqlcmd”.
Install the SQLCMD command utility
First we need to identify the version of SQL express that’s running WID on the server running Windows Server Core 2019.
Open “notepad” and open the following file which containts the WID log.
At the beginning of the log file, you’ll note the Microsoft SQL version that’s running. In my case it’s “Microsoft SQL Server 2014 (SP2-GDR)” specifically 12.0.5214.6 as shown below.
2019-05-14 10:52:47.79 Server Microsoft SQL Server 2014 (SP2-GDR) (KB4057120) - 12.0.5214.6 (X64)
Jan 9 2018 15:03:12
Copyright (c) Microsoft Corporation
Windows Internal Database (64-bit) on Windows NT 6.3 (Build 17763: ) (Hypervisor)
So you have a Windows Server 2019 running Server Core with no GUI installed, and you have installed and are using the IIS (Internet Information Services) role and would like to manage or modify IIS configuration.
Because Windows Server Core doesn’t have a full GUI, you cannot install or use the Internet Information Services (IIS) Manager on this server.
To manage, modify, or edit IIS configuration, you’ll need to use the IIS Manager on a different server/computer, and remotely connect to the IIS instance on Server Core. From here you will be able to edit/modify the server as much as you require.
To do this, you’ll need the following:
Target: Windows Server with IIS role installed
Remote System with IIS Manager installed to connect to target
In my case the target is running Windows Server 2019 Server Core, however you can also use the instructions to enable access on the fully blown Windows Server installs as well.
Follow these instructions to enable remote IIS management.
Log on to the target server.
Open PowerShell (by typing “powershell” at the command prompt) and install the Web Management Service with the following command.
Create a firewall exception (if needed) by running the following command in PowerShell.
There may be a point in time where you may wish to clear and rebuild the search index catalog on your Microsoft Exchange 2016 Server. This will cause the server to rebuild the search index from scratch.
In my case, for the past month or so Outlook 2019 (Office 365) clients connecting to an on-premise Microsoft Exchange 2016 Server, have been seeing the message “We’re having trouble fetching results from the server…”. The user can click on “Let’s look on your computer instead.” and the search will complete.
When troubleshooting this issue, I tried all of the following:
Clearing and rebuilding the Search index on the client computers
Deleted the OST files to re-create the local cached copy on the client computers
Restarting the Exchange Server
Restarting the Client Computers
Analyzing the Event Log for any errors (none)
None of the above helped in troubleshooting.
Because of this, I decided to clear and rebuild the Search Index catalog for the mailbox database on the Exchange Server.
To check the status and to see if your index is corrupt, run the following command:
Get-MailboxDatabaseCopyStatus | ft ContentIndexState
“ContentIndexState” will report as “Corrupt” if it is corrupt, or “Healthy” if it is healthy.
[PS] C:\Windows\system32>Get-MailboxDatabaseCopyStatus | ft ContentIndexState
My server reported as healthy, but I still chose to run the instructions below to rebuild the index.
To do delete and re-create your Exchange Server Mailbox Database Search Index Catalog, please perform the following instructions.
Please Note: This is only for Exchange servers that are not part of a DAG. Do not perform these steps if your server is part of an Exchange cluster. Always make sure you have a complete backup of your server.
Log on to your Exchange server.
From the Start Menu, expand “Microsoft Exchange Server 2016”, and right-click on “Exchange Management Shell”, and select “Run as Administrator”.
Type the following commands to stop required search services.
On a fresh or existing WSUS install, you may notice that the WSUS Administrator MMC applet stops functioning and present the error “Error: Connection Error – An error occurred trying to connect to the WSUS Server.”
I originally experienced this on Windows Server Update Services running on Windows Server 2012 R2 and applied the fix. Recently, I deployed Windows Server Update Services on a new Windows Server 2019 – Server Core install, and experienced this issue during the first synchronization. Before realizing what the issue was, I attempted to re-install WSUS and IIS from scratch numerous times until I came across old notes. One would have thought they would have resolved this issue on a new server operating system.
When the issue occurs, all processes will appear to be running on the server. Looking at the server event log, you’ll notice multiple application errors:
Event ID: 13042 - Windows Server Update Services
Description: Self-update is not working.
Event ID: 12002 - Windows Server Update Services
Description: The Reporting Web Service is not working.
Event ID: 12012 - Windows Server Update Services
Description: The API Remoting Web Service is not working.
Event ID: 12032 - Windows Server Update Services
Description: The Server Synchronization Web Service is not working.
Event ID: 12022 - Windows Server Update Services
Description: The Client Web Service is not working.
Event ID: 12042 - Windows Server Update Services
Description: The SimpleAuth Web Service is not working.
Event ID: 12052 - Windows Server Update Services
Description: The DSS Authentication Web Service is not working.
Event ID: 12072 - Windows Server Update Services
Description: The WSUS content directory is not accessible.
System.Net.WebException: The remote server returned an error: (503) Server Unavailable.
at Microsoft.UpdateServices.Internal.HealthMonitoring.HmtWebServices.CheckContentDirWebAccess(EventLoggingType type, HealthEventLogger logger)
You will also see the below error message when attempting to use the WSUS MMC.
This issue occurs because the WSUS application pool in IIS “WsusPool” has reached it’s maximum private memory limit and attempts to recycle the memory usage.
Ultimately I believe this causes the IIS worker process to crash since it has run out of memory, and the pending command (whether it’s a synchronization or something else) fails to complete.
Previously, I noticed database corruption on a WSUS SQL Express database when this issue occurred, so I recommend applying the fix on a fresh install of WSUS.
To resolve this issue, we need to adjust the max
On the server running WSUS and IIS, open the “Internet Information Services (IIS) Manager” inside of the “Windows Administrative Tools” (found in the start menu, or Control Panel).
On the left hand side under “Connections”, expand the server, and select “Application Pools”.
On the right hand side under “Application Pools” heading, right-click on “WsusPool” and select “Advanced Settings”.
In the “Advanced Settings” window, scroll down until you see “Private Memory Limit (KB)”. Either change this to “0” (as shown below) to set no memory limit, or increase the limit to the value you prefer.
Select “Ok” to close the window.
Restart IIS by running “iisreset” from an administrative command prompt, restarting the server, or selecting “Restart” under “Manage Server” when looking at the default pane in IIS when the server is selected.
The issue should now be resolved and your WSUS server should no longer be crashing.
If you are applying this fix on a Server Core install, you’ll need to connect remotely to the IIS instance to apply the fix.
I can’t tell you how excited I am that after many years, I’ve finally gotten my hands on and purchased an Nvidia Quadro K1 GPU. This card will be used in my homelab to learn, and demo Nvidia GRID accelerated graphics on VMware Horizon View. In this post I’ll outline the details, installation, configuration, and thoughts. And of course I’ll have plenty of pictures below!
The focus will be to use this card both with vGPU, as well as 3D accelerated vSGA inside in an HPe server running ESXi 6.5 and VMware Horizon View 7.8.
Please Note: Some, most, or all of what I’m doing is not officially supported by Nvidia, HPe, and/or VMware. I am simply doing this to learn and demo, and there was a real possibility that it may not have worked since I’m not following the vendor HCL (Hardware Compatibility lists). If you attempt to do this, or something similar, you do so at your own risk.
For some time I’ve been trying to source either an Nvidia GRID K1/K2 or an AMD FirePro S7150 to get started with a simple homelab/demo environment. One of the reasons for the time it took was I didn’t want to spend too much on it, especially with the chances it may not even work.
Essentially, I have 3 Servers:
HPe DL360p Gen8 (Dual Proc, 128GB RAM)
HPe DL360p Gen8 (Dual Proc, 128GB RAM)
HPe ML310e Gen8 v2 (Single Proc, 32GB RAM)
For the DL360p servers, while the servers are beefy enough, have enough power (dual redundant power supplies), and resources, unfortunately the PCIe slots are half-height. In order for me to use a dual-height card, I’d need to rig something up to have an eGPU (external GPU) outside of the server.
As for the ML310e, it’s an entry level tower server. While it does support dual-height (dual slot) PCIe cards, it only has a single 350W power supply, misses some fancy server technologies (I’ve had issues with VT-d, etc), and only a single processor. I should be able to install the card, however I’m worried about powering it (it has no 6pin PCIe power connector), and having ESXi be able to use it.
Finally, I was worried about cooling. The GRID K1 and GRID K2 are typically passively cooled and meant to be installed in to rack servers with fans running at jet engine speeds. If I used the DL360p with an external setup, this would cause issues. If I used the ML310e internally, I had significant doubts that cooling would be enough. The ML310e did have the plastic air baffles, but only had one fan for the expansion cards area, and of course not all the air would pass through the GRID K1 card.
Because of a limited budget, and the possibility I may not even be able to get it working, I didn’t want to spend too much. I found an eBay user local in my city who had a couple Grid K1 and Grid K2 cards, as well as a bunch of other cool stuff.
We spoke and he decided to give me a wicked deal on the Grid K1 card. I thought this was a fantastic idea as the power requirements were significantly less (more likely to work on the ML310e) on the K1 card at 130 W max power, versus the K2 card at 225 W max power.
We set a time and a place to meet. Preemptively I ran out to a local supply store to purchase an LP4 power adapter splitter, as well as a LP4 to 6pin PCIe power adapter. There were no available power connectors inside of the ML310e server so this was needed. I still thought the chances of this working were slim…
I also decided to go ahead and download the Nvidia GRID Software Package. This includes the release notes, user guide, ESXi vib driver (includes vSGA, vGPU), as well as guest drivers for vGPU and pass through. The package also includes the GRID vGPU Manager. The driver I used was from: https://www.nvidia.com/Download/driverResults.aspx/144909/en-us
To install, I copied over the vib file “NVIDIA-vGPU-kepler-VMware_ESXi_6.5_Host_Driver_367.130-1OEM.618.104.22.16898673.vib” to a datastore, enabled SSH, and then ran the following command to install:
The command completed successfully and I shut down the host. Now I waited to meet.
We finally met and the transaction went smooth in a parking lot (people were staring at us as I handed him cash, and he handed me a big brick of something folded inside of grey static wrap). The card looked like it was in beautiful shape, and we had a good but brief chat. I’ll definitely be purchasing some more hardware from him.
Installing the card in the ML310e was difficult and took some time with care. First I had to remove the plastic air baffle. Then I had issues getting it inside of the case as the back bracket was 1cm too long to be able to put the card in. I had to finesse and slide in on and angle but finally got it installed. The back bracket (front side of case) on the other side slid in to the blue plastic case bracket. This was nice as the ML310e was designed for extremely long PCIe expansion cards and has a bracket on the front side of the case to help support and hold the card up as well.
For power I disconnected the DVD-ROM (who uses those anyways, right?), and connected the LP5 splitter and the LP5 to 6pin power adapter. I finally hooked it up to the card.
I laid the cables out nicely and then re-installed the air baffle. Everything was snug and tight.
Please see below for pictures of the Nvidia GRID K1 installed in the ML310e Gen8 V2.
Powering on the server was a tense moment for me. A few things could have happened:
Server won’t power on
Server would power on but hang & report health alert
Nvidia GRID card could overheat
Nvidia GRID card could overheat and become damaged
Nvidia GRID card could overheat and catch fire
Server would boot but not recognize the card
Server would boot, recognize the card, but not work
Server would boot, recognize the card, and work
With great suspense, the server powered on as per normal. No errors or health alerts were presented.
I logged in to iLo on the server, and watched the server perform a BIOS POST, and start it’s boot to ESXi. Everything was looking well and normal.
After ESXi booted, and the server came online in vCenter. I went to the server and confirmed the GRID K1 was detected. I went ahead and configured 2 GPUs for vGPU, and 2 GPUs for 3D vSGA.
I restarted the X.org service (required when changing the options above), and proceeded to add a vGPU to a virtual machine I already had configured and was using for VDI. You do this by adding a “Shared PCI Device”, selecting “NVIDIA GRID vGPU”, and I chose to use the highest profile available on the K1 card called “grid_k180q”.
After adding and selecting ok, you should see a warning telling you that must allocate and reserve all resources for the virtual machine, click “ok” and continue.
Power On and Testing
I went ahead and powered on the VM. I used the vSphere VM console to install the Nvidia GRID driver package (included in the driver ZIP file downloaded earlier) on the guest. I then restarted the guest.
After restarting, I logged in via Horizon, and could instantly tell it was working. Next step was to disable the VMware vSGA Display Adapter in the “Device Manager” and restart the host again.
Upon restarting again, to see if I had full 3D acceleration, I opened DirectX diagnostics by clicking on “Start” -> “Run” -> “dxdiag”.
It worked! Now it was time to check the temperature of the card to make sure nothing was overheating. I enabled SSH on the ESXi host, logged in, and ran the “nvidia-smi” command.
According to this, the different GPUs ranged from 33C to 50C which was PERFECT! Further testing under stress, and I haven’t gotten a core to go above 56. The ML310e still has an option in the BIOS to increase fan speed, which I may test in the future if the temps get higher.
With “nvidia-smi” you can see the 4 GPUs, power usage, temperatures, memory usage, GPU utilization, and processes. This is the main GPU manager for the card. There are some other flags you can use for relevant information.
Overall I’m very impressed, and it’s working great. While I haven’t tested any games, it’s working perfect for videos, music, YouTube, and multi-monitor support on my 10ZiG 5948qv. I’m using 2 displays with both running at 1920×1080 for resolution.
I’m looking forward to doing some tests with this VM while continuing to use vGPU. I will also be doing some testing utilizing 3D Accelerated vSGA.
The two coolest parts of this project are:
3D Acceleration and Hardware h.264 Encoding on VMware Horizon
Getting a GRID K1 working on an HPe ML310e Gen8 v2
Leave a comment and let me know what you think! Or leave a question!