The Tech Journal

Failed to connect to the connection server – Using Chrome on VMware Horizon 7.4 via HTML client

ESXi, Omnissa Horizon, VMware, VMware Unified Access Gateway, vSphere 26 Responses »

Jan 062018

Last night I updated my VMware VDI envionrment to VMware Horizon 7.4.0. For the most part the upgrade went smooth, however I discovered an issue (probably unrelated to the upgrade itself, and more so just previously overlooked). When connecting with Google Chrome to VMware Horizon HTML Access via the UAG (Unified Access Gateway), an error pops up after pressing the button saying “Failed to connected to the connection server”.

The Problem:

This error pops up ONLY when using Chrome, and ONLY when connecting through the UAG. If you use a different browser (Firefox, IE), this issue will not occur. If you connect using Chrome to the connection server itself, this issue will not occur. It took me hours to find out what was causing this as virtually nothing popped up when searching for a solution.

Finally I stumbled across a VMware document that mentions on View Connection Server instances and security servers that reside behind a gateway (such as a UAG, or Access Point), the instance must be aware of the address in which browsers will connect to the gateway for HTML access.

The VMware document is here: https://docs.vmware.com/en/VMware-Horizon-7/7.0/com.vmware.horizon-view.installation.doc/GUID-FE26A9DE-E344-42EC-A1EE-E1389299B793.html

To resolve this:

On the view connection server, create a file called “locked.properties” in “install_directory\VMware\VMware View\Server\sslgateway\conf\”.

If you have a single UAG/Access Point, populate this file with:

portalHost=view-gateway.example.com

If you have multiple UAG/Access Points, populate the file with:

portalHost.1=view-gateway-1.example.com portalHost.2=view-gateway-2.example.com

Restart the server

The issue should now be resolved!

On a side note, I also deleted my VMware Unified Access Gateways VMs and deployed the updated version that ship with Horizon 7.4.0. This means I deployed VMware Unified Access Gateway 3.2.0. There was an issue importing the configuration from the export backup I took from the previous version, so I had to configure from scratch (installing certificates, configuring URLs, etc…), be aware of this issue importing configuration.

My 10 year review of Iristel – The Canadian VoIP SIP Trunk provider

Calgary, Internet, Reviews, Trixbox, VoIP No Responses »

Dec 152017

The Challenge

Finding a cost-effective SIP trunk provider in Canada can be one of the biggest challenges that a business may have when trying to adopt VoIP technology. This is also a common problem for VoIP PBX re-sellers, as it’s hard to find a good provider to refer.

Back in 2007, just a year in to running my own company, my telecommunication and voice requirements massively grew. I needed a phone system to handle multiple extensions, call forwarding, conference rooms, follow-me services, rings groups, and needed the ability for staff and contractors to have their phones (and extensions) in remote offices or home offices. Also, I was travelling quite frequently so I needed to be able to have an extension running on my smartphone (so it would appear as if I was at the office, and to save on international roaming and long distance costs).

Implementing a VoIP PBX phone system handled all of this, and was very easy to implement however finding an SIP trunk provider was not. Originally I was using FXO/FXS adapters to pipe analog lines in to my PBX, however I wasn’t happy with the quality or the complexity of a solution. I wanted a true 100% digital, and 100% Canadian hosted solution.

The Solution (The Review)

After spending months researching providers, I came across a company called Iristel. There were numerous great reviews on the internet, and most importantly they had a following of Trixbox (Asterisk) users, so I could verify they would work with my PBX. They were a Canadian company (important to me), who provided SIP trunks at a great cost. I signed up for service, and tech support was actually amazing at providing assistance for configuring the SIP trunks with my Asterisk PBX, their sales staff was pretty awesome as well!

Here’s where the review gets boring (which is a good thing), I’ve been using them for around 10 years now, and everything has always just worked! I think in 10 years, I may have experience a single 1-2 hours of downtime, and this was due to a compatibility issue with Asterisk and their SIP gateways caused by an update (SIP registration bug). In this one-off case, tech support was immediately available and made configuration changes to resolve this issue. Outstanding service to say the least!

Over the years, I’ve also re-configured and deployed new PBXs. I’m now using FreePBX, and Iristel is still working great! AND YES, Iristel supports T38 faxing!

I would definitely recommend Iristel as a your VoIP SIP provider for your business digital telephony needs!

Feel free to reach out (comment) if you have any questions about my review, or the quality of the services.

Disable auto read receipts being sent via mobile (Exchange ActiveSync) devices

E-Mail, Exchange Server, Internet, Microsoft 15 Responses »

Nov 062017

Something that has bothered me for a very long time has been the fact that mobile devices (using Microsoft Exchange ActiveSync), automatically send read receipts if the sender has requested it without prompting the user. This means that if someone sends you an e-mail, requests and read receipt, and you open it on your mobile device; it will send a read receipt without prompting you or giving you a choice in the matter.

This is bad for a number of reasons such as spam (this is a big one, where they try to validate e-mail addresses), legal reasons, you don’t have the time to respond and don’t want a read receipt sent yet, or you simply don’t send read receipts…

Now, with Microsoft Exchange 2016 you can disable this so that mobile devices don’t automatically send these read receipts out. It’s a simple procedure using Outlook on the web (previously known as Outlook Web Access, a.k.a OWA).

To disable automatic read-receipts:

Log on to your OWA (Outlook on the web) server.
Click on settings (the gear) on the top right
Expand the “General” settings menu, and select “Mobile Devices” (as shown below)
Check the checkbox for “Don’t send read receipts for messages read on devices that use Exchange ActiveSync”.

You’re done!

Offline Address Book Missing on Exchange 2016 clients

E-Mail, Exchange Server, Internet, Microsoft 55 Responses »

Nov 062017

After doing a migration from Microsoft Exchange 2013 to Exchange 2016 I noticed that my Offline Address Book (OAB) wasn’t being made available to Outlook clients.

When trying to perform a manual download (Send and Receive -> Download Address Book), it wasn’t in the list. Also when using the “Test EMail AutoConfiguration..” (by holding CTRL and right click on Outlook System Tray icon) to examine the AutoDiscover information, there was no OAB URL (OABUrl in XML) being sent to the clients.

I spent 3 hours trying to find out why this was happening (I assumed it was configuration and/or IIS authentication related). All my virtual directories and URLs were fine, and the OAB was being generated fine without any issues. It simply wasn’t being passed to Outlook clients. I couldn’t find any references of this occurring to other users.

I finally discovered that the “WebDistributionEnabled” configuration flag was marked to False, when it needs to be marked as True. This flag when set to true, allows it to be distributed (Note/Fun Fact: There’s a separate and different flag for older Exchange versions where the OAB is inside of the Public Folder Store). There’s also a different flag “GlobalWebDistributionEnabled”, which is recommended to be enabled as well on Exchange 2016. When setting this second flag to True, it also sets the first one above to True as well.

To fix it we’ll use Exchange PowerShell:

Let’s find the name of your Offline Address Book by running the command below:

Get-OfflineAddressBook

Exchange Offline Address Book Get-OfflineAddressBook

Now let’s set the “GlobalWebDistributionEnabled” flag to True using this next command:

Set-OfflineAddressBook -Identity “Default Offline Address Book (Ex2016)” -GlobalWebDistributionEnabled $true

And finally let’s confirm to make sure the changes take effect and look for the values of “GlobalWebDistributionEnabled” and “WebDistributionEnabled” using the command:

Get-OfflineAddressBook | fl

After making the above changes I recommend issuing an “iisreset” or restarting your Exchange Server. There will also be a delay where you’ll need to wait for your Outlook clients to refresh their autodiscover configuration. You can run the “Test Email AutoConfiguration…” to see if the OAB is now being passed to your clients.

MAPI over HTTP – Outlook Password Prompt on Domain joined External Users

Exchange Server, Microsoft 34 Responses »

Nov 052017

Update – January 8th 2018: After upgrading from Exchange 2016 CU7 to Exchange 2016 CU8 and restarting the server, the password prompt was occurring again on internal/external domain joined computers. Stay posted for more information.

Update – January 13th 2018: If you upgrade to any new CU versions (CU8 or higher), I would recommend resetting all your virtual directories to REVERSE the configuration advised below. On CU8, new issues arose and were resolved by fully resetting (restoring to default) the virtualdirectory configuration, and then re configuring them with the appropriate URL values. The fix below was NOT applied and is NOT needed on CU8 or later.

Update – January 14th 2018: If you still receive password prompts, you Outlook 2016 client may be trying to autoconfigure with Office365 instead of your on-premise Exchange deployment. This is due to the autodiscover order being skewed on a new Outlook 2016 update. Please see https://www.stephenwagner.com/2018/01/14/cannot-create-exchange-2016-account-office-2016-due-repeated-password-prompts/ for more information and a fix for this.

Original Article:

Today I came across an issue that I experienced with Microsoft Exchange 2013, and Microsoft Exchange 2016. The issue relates to using MAPI over HTTP with Microsoft Outlook 2016 (however I’m sure this affects earlier versions) clients.

MAPI over HTTP is used standard on Exchange 2016, or can be enabled manually on Exchange 2013 via running the command:

Set-OrganizationConfig -MapiHttpEnabled $true

You’ll notice that when domain joined computers are internal to the LAN, they will work fine and there will not be any password prompts coming from Microsoft Outlook. However, when a domain joined user leaves the LAN and is external to the network, they will start to receive password prompts like below:

Outlook Password Prompt

After spending hours, I found this fix resolves the situation and applies to both Exchange 2013, and Exchange 2016:

Open up Exchange PowerShell and change the authentication methods on the MAPI virtual directory. We will be removing the negotiate authentication mechanism. Use the command below:

Set-MapiVirtualDirectory -Identity “YOURSERVERNAME\mapi (Default Web Site)” -ExternalURL https://YOURSERVERNAME.YOURDOMAIN.com/mapi -IISAuthenticationMethods NTLM,OAuth

We now need to modify the Authentication settings inside of IIS to remove Negotiate from both the mapi and EWS directories. The command above may have removed it from mapi, but it’s still good to confirm and we still need to change it for EWS. Open IIS Manager, Expand “Default Web Site”. Select “EWS” on the left hand side, and then select “Authentication” on the Right side as shown below:

IIS Manager Left Pane

Select Windows Authentication and then click “Providers” on the right Action Pane. Now remove “Neogiate” from the list so that only NTLM remains, as shown below:

IIS Manager Authentication Providers

Repeat for the mapi on the left as well (Select “Default Web Site”, select “mapi” on the left hand side, and then select “Authentication” on the right side), and confirm that only NTLM is in the list of providers.

Open up command prompt and type “IISRESET” to reload IIS, or restart your Exchange Server!

Older Entries Newer Entries