Using custom attributes in Exchange Server 2013 to apply different email address policies

I was recently asked about what the best approach would be to apply 4 or more different email address policies from within Exchange Server 2013 and as most would probably have probably done the same, the first question I asked was:

Is it possible to use one of the following to distinguish which emaila ddress policy to use?

1. Recipient container
2. State or province
3. Company
4. Department

… because as most administrators would know, these are the default rules available to filter recipients for configured email address policies:

Unfortunately for this environment, I was told that this was not possible because the fields populated for all of the recipients were the same and that cannot be changed.  Since the default attributes could not be used, the next option I proposed was to use the Custom attribute filters and as easy as this may seem, a small typo on Custom Attributes article on TechNet:

http://technet.microsoft.com/en-us/library/ee423541(v=exchg.150).aspx

**Note the missing “-“ for the CustomAttribute1 switch.

… threw off this client who was trying to set the value for his recipients. 

[PS] C:\Windows\system32>Get-Mailbox -Identity "Erik Tiller" | Set-Mailbox CustomAttribute1 "some-customAttribute"
A positional parameter cannot be found that accepts argument 'some-customAttribute'.
    + CategoryInfo          : InvalidArgument: (:) [Set-Mailbox], ParameterBindingException
    + FullyQualifiedErrorId : PositionalParameterNotFound,Set-Mailbox
    + PSComputerName        : someServer.someDomain.local

[PS] C:\Windows\system32>

Since the client wanted to do this himself and just wanted instructions for me, I compiled an email with the steps and thought I’d also convert it to a blog post.

Before I begin, note that creating email address policies in your Exchange 2013, or earlier versions such as 2010, Organization will not remove already assigned email addresses.  This means that if all of your recipients already have the email address: John.Smith@someDomain.local and you have since removed that domain from your accepted domain policy and from the default email address policy, users that already have this email address will continue to have it.  This is why it’s usually best to create the email address policies first before creating the mailboxes. 

I’ve also been asked several times in the past whether a PowerShell cmdlet is available to remove email addresses for all users and while I’m sure it can be done, the native Set-Mailbox policy only allows you to set or remove email addresses per user.  I’m sure administrators with advance scripting skills may be able to substitute the parameters with variables or loops to accomplish this but I don’t.  Most administrators would probably recommend ADModify to do this instead as it’s GUI based.  With that being said, if anyone has a script that can remove all users’ email addresses aside from the primary, please feel free to post in the comments section.

Begin but determining what string you are going to use to identify which email address policy to use.  The recommendation I made was to simply use the domain names in the string ordering them with the primary domain as the first, followed by a “-“ then the second domain, then the third, etc.  The following is what the email address policies look like:

Each of the policies have the Custom Attribute 1 defined as such:

With the each email address policies configured with the Custom Attribute 1 populated, proceed with using the Set-Mailbox cmdlet (http://technet.microsoft.com/en-us/library/ee423541(v=exchg.150).aspx) to set each user’s mailbox with the appropriate tag:

Set-Mailbox -Identity "Erik Tiller" -CustomAttribute1 “domainA-domainB”

Repeat this for each user or group them together in some order so you can use Get-Mailbox | Set-Mailbox to set multiple mailboxes at once.

For those who are interested, the corresponding attribute for the user when viewing the value in ADSIEdit is the extensionAttribute1 attribute shown here:

 

To for an update of all the email address policies, execute the following cmdlet:

Get-EmailAddressPolicy | Update-EmailAddressPolicy

I personally don’t like using the custom attribute because it requires more administrative effort but if the environment leaves you with no options then this would be better than not having one at all.

Citrix XenDesktop 5.6 Create Catalog “Select Master Image” step throws the error: “Error expanding node”

I recently received a call from a client who was deploying a new Citrix XenDesktop infrastructure and was able to get all the way to creating his first desktop catalog but the wizard would fail with the following error:

Error expanding node

What was interesting was that he told me it would only sometimes throw this error and sometimes it wouldn’t.  There were also no errors logged in the event viewer on the Windows Server 2008 R2 DDC.

Having browsed around the server reviewing the configuration and logs for 10 minutes without any noticeable errors, I went ahead and searched for the error which brought me to this KB:

Catalog Creation Master Image Selection Fails with Error expanding node
http://support.citrix.com/article/CTX133616

While the details in the KB wasn’t an exact match to my problem and the resolution didn’t fix my problem, it did give me a hint that this was most likely a connectivity issue to the vCenter from the DDC.  After ensuring name resolution, routes and ports were all working as it should, I realized that maybe this was a certificate issue because since there were 2 DDCs in the Citrix environment, maybe only 1 of them was working. 

To make a long story short, I realized that DDC01 had the vCenter certificate stored in the Trusted People Local Computer store but DDC02 didn’t.  After getting the certificate into DDC02, the error went away.

Notes on Security Banner and IE Settings for Citrix XenApp servers

After realizing that I had to dig deep into my notes and search for registry settings on the web that I’ve used multiple times over the years, I thought I’d write a post to serve as something for me to reference in the future when I’m trying to create a Active Directory GPO for the following:

Prevent the corporate security banner from being presented:

Computer Configuration –> Policies –> Windows Settings –>Security Settings –> Local Policies –> Security Options:

• Interactive logon: Message text for users attempting to log on –> Enabled
• Interactive logon: Message title for users attempting to log on –> Enabled

Prevent the annoying IE first launch prompts from being presented:

User Configuration –> Policies –> Administrative Templates –> Windows Components –> Internet Explorer:

• Prevent participation in the Customer Experience Improvement Program –> Enabled
• Prevent running First Run wizard –> Enabled

Prevent the IE Protected Mode banner not enabled from popping up in the browser:

User Configuration –> Preferences –> Windows Settings –> Registry:

• Action –> Create
• Hive –> HKEY_CURRENT_USER
• Key Path –> Software\Microsoft\Internet Explorer\Main
• Value name –> NoProtectedModeBanner
• Value type –> REG_DWORD
• Value data –> 1
• Base –> Decimal

Since the latter 2 policies are applied to the user, loopback processing mode is enabled and set to Merge

Computer Configuration –> Policies –> Administrative Templates –> System –> Group Policy:

• Configure user Group Policy loopback processing mode –> Enabled / Merge

--------------------------------------------------------------------------------------------------------------------------------------------------------------------

For easy reference, the following is a screenshot of the policy settings:

Creating a new XenDesktop 5.6 deployment with SQL Server 2012 throws the error: “Cannot write Property Collation. This Property is not available on SQL Server 7.0”

Problem

You attempt to create a new XenDesktop 5.6 deployment with SQL Server 2012 as the back end server but receive the following error when configuring the first desktop delivery controller: 

Cannot write Property Collation. This Property is not available on SQL Server 7.0

Clicking on the Details button displays the following error details:

Exception:

    System.Reflection.TargetInvocationException Exception has been thrown by the target of an invocation.

       at Citrix.Console.Common.CallbackEventArguments.OperationCompleteSynchronizer`1.GetResults()

       at Citrix.Console.Common.CallbackEventArguments.OperationCompleteSynchronizer`1.WaitForResults()

      at Citrix.Console.DeliveryCenter.UI.Dialogs.FullDesktopDeploymentWizardViewModel.Commit()

       at Citrix.Console.CommonControls.Wizard.ViewModel.PageContainerViewModel.CommitProgressOperation.PerformOperationInternal()

Inner exception:

    Microsoft.SqlServer.Management.Smo.UnknownPropertyException Cannot write property Collation.This property is not available on SQL Server 7.0.

       at Citrix.Console.InteractionCore.ThreadedScript`1.<ExecuteNext>d__9.MoveNext()

       at Citrix.Console.InteractionCore.ScriptBase.<ExecuteImplementation>d__1.MoveNext()

       at Citrix.Console.InteractionCore.Scheduler.ExecuteNext(ScriptExecution execution)

    HelpLink.ProdName : Microsoft SQL Server

    HelpLink.BaseHelpUrl : http://go.microsoft.com/fwlink

    HelpLink.LinkId : 20476

    HelpLink.ProdVer : 10.50.1600.1 ((KJ_RTM).100402-1540 )

    HelpLink.EvtData1 : Collation

You’ve gone through the following KBs:

Microsoft SQL 2012 - Citrix Known Issues – 2012
http://support.citrix.com/article/CTX133393

Unable to Create New XenDesktop Site Using SQL 2012 Server
http://support.citrix.com/article/CTX132438

… and proceed to download the:

Shared Management Object Library from:

Microsoft® SQL Server® 2008 R2 SP1 Feature Pack. Installing the Service Pack 1
http://www.microsoft.com/en-us/download/details.aspx?id=26728

Then proceed to install it on the DDC via executing SharedManagementObjects.msi:

… but notice you still get this error:

Solution

The solution was actually quite simple and that was to restart the server.

Installing Microsoft SQL Server 2012 on Windows Server 2012 throws the error: “Error while enabling Windows feature : NetFx3, Error Code : -2146498298 , Please try enabling Windows feature : NetFx3 from Windows management tools and then run setup again.”

Problem

You’re installing Microsoft SQL Server 2012 on Windows Server 2012 but notice that the install fails with the error:

Error while enabling Windows feature : NetFx3, Error Code : -2146498298 , Please try enabling Windows feature : NetFx3 from Windows management tools and then run setup again. For more information on how to enable Windows features , see http://go.microsoft.com/fwlink/?linkid=227143

Solution

The solution is actually quite simple and that is to install .NET Framework 3.5 onto the Windows Server 2012 server via adding features in the Server Manager console:

 

Note the yellow banner in the following screenshot notifying you to specify the installation Windows Server 2012 binaries to proceed:

 

Make sure you specify the source or the install will fail:

 

 

With the .NET Framework 3.5 installed, SQL Server 2012 will now install successfully.

Mounting USB drives directly to a virtual machine on an ESXi 5.x host

I’ve been asked several times recently what the process is to mount a USB drive directly to a virtual machine when one is plugged directly to a host and as easy as it really is, I find most people run into problems because they tend to miss the last step so I thought I’d write a blog post for it.

Start by plugging the USB drive into the ESXi host’s USB port and ensure that it’s lit up if there is a LED light somewhere on the drive.

Once the drive is plugged in, proceed with opening the settings of the virtual machine you would like to mount the USB drive and click on the Add button in the settings windows:

Select the USB Controller as the device you would like to add and click on Next:

Select the Controller type that is supported by the virtual machine operating system (EHCI+UHCI) and click on Next:

--------------------------------------------------------------------------------------------------------------------------------------------------------------------

Note that I will receive the warning This controller is not supported for this guest operating system. if I change the type to xHCI:

--------------------------------------------------------------------------------------------------------------------------------------------------------------------

Click on the Finish button to add the device:

You should now see a USB controller added to the virtual machine:

 

I find that this is the point where a lot of clients and colleagues ask me my they don’t see the USB hard drive in the virtual machine.  Some say they’ve fiddled around the USB device button found on the console window but don’t see a way to mount the drive:

The reason why the drive isn’t shown is that an important step still needs to be done to actually present the USB drive to the virtual machine so proceed and open up the settings window again and click on the Add button:

Notice that the available device types in the list now contains USB Device.  Proceed by select the device and click Next:

Notice that the USB drive you plugged into is listed as a host USB device.  Select the device if there is more than 1 and click Next:

--------------------------------------------------------------------------------------------------------------------------------------------------------------------

Note that if a USB drive is already connected to a virtual machine, the Connection column will indicate which virtual machine it is connected to as shown here:

--------------------------------------------------------------------------------------------------------------------------------------------------------------------

Click on Finish:

You should now see a USB controller and a USB 1 device representing the USB drive in the settings window:

Proceed by closing the settings window and you should now see the USB drive in your virtual machine:

This is definitely seemingly an easy task but believe me when I say I’ve been asked a lot of times about this.

How to remove or uninstall the HP Network Configuration Utility

I recently had to virtualize a few racks of HP DL380 G3 servers which I haven’t had to do for years and remembered how annoying some of the HP applications on these servers can be. One of the applications that you won’t be able to uninstall via the Add/Remove Programs is the HP Network Configuration Utility as shown in the following screenshot:

Opening the utility shows there isn’t an option to disable or uninstall:

The way to uninstall it is to actually open the NIC’s properties begin by open the Network Connections window:

Open the properties of a NIC:

Highlight the HP Network Configuration Utility line item and click on the Uninstall button:

You will be asked to reboot upon completing the uninstall:

Proceed to restart the server:

The HP Network Configuration Utility should no longer be in the system tray once the server has restarted:

s