Jetstress – Too Many IOPS? Andrew Higginbotham

Hello all,

This is a shout out at my Friend Andrew Higginbotham. This man is a multi-MVP and MCM in Exchange Server. He penned an article about Jet Stress, Which is very useful.

The issue is Page Fault Stalls/sec and the subject is SSD Solid State Drives.

I admit to not spending my time in Jet stress, as I don’t work on design elements as much as I do Skype. Andrew has come to my rescue on a few Design issues and Jet Stress on more than one occasion.

It turns out you should read this if you using SSD Flash Drives and Jet Stress= Here

This quick reference in my Blog is to support Andrews Blog and Recommend you read everything he writes. He is truly one of the best Exchange Persons around the US neighborhood.

Andrew thanks for your time on this case. I hate not being the expert but I am proud to work on a team with such strengths. I am just glad to be part of a team of individuals whose strengths compliment each other.

https://exchangemaster.wordpress.com/2017/07/12/jetstress-too-many-iops/

 

Louis

Advertisements

Some tips on fixing Warning – Reverse DNS does not match the SMTP Banner

 

 

I have a pretty common error that I get asked about pretty frequently. I wanted to take a moment to hopefully share some information on what the error is, what to focus on, and what tools you need to fix and monitor.

First of all, please understand this paper covers the simplest of scenarios. Multiple sites, Smart Hosts, Bridgeheads, and multiple Accepted Domains will quickly muddy the waters, but for a basic Exchange Server, This Article Applies directly.

 

The Error

Exchange Server 2013 SMTP banner does not match reverse lookup. or

Warning – Reverse DNS does not match the SMTP Banner

 

Disclaim

First be aware, there is a lot of misinformation out there. Stop and read and understand, before you decide which articles are telling you the truth. This error is likely to pop up in a few situations. I wanted to take a minute to clarify this message and what is needed to clear this up.

First you must understand this error  is directional and relative to a point in mail flow. So you really have to nail down your situation before you set out on solving the problem. You risk getting yourself more confused. Speaking of that, let me try to hopefully explain in a simple way.

First let me say the SMTP Banner is more generally a problem for outbound mail. You may still get an error for inbound connectors,  but mail will not usually fail either. Internal mail uses Internal banner (host) and DNS, and external mail uses External Banner and DNS.  An error comes about, generally where you have mail received across the public internet, where a reference is made to an internal FQDN in the SMTP Header.

Inbound Banner

So if you think you have an inbound banner issue, just go into your inbound mail connector, and then try to save it, without making changes. If there is a problem, you should get a pop up message similar to figure A

Figure A. Inbound Banner issues are identifiable

 

Exchange will promptly give you an error when your inbound connector has a banner issue. Why you ask? Because  the Banner is checked by Exchange, against the security settings.  Think of it like a security Guard. They always check you coming in, but once you have cleared security, it is not as difficult to leave.

So I won’t go into the explanation of inbound banners, except to say, by the time your mail hits this server, the lookup is internal, so the Banner should always be internal. In addition, you have a server, with a certificate, matching this FQDN, so it should make sense that these should all be the same name. Do what the error says and set the Banner to the Internal FQDN.

Outbound Banner

Outbound is really the same sort of thing, for any outbound Internal Connectors. Internal connector, Internal FQDN. The change comes when you have an outbound Internet connector. So this connector will be the banner for your reverse look ups by external recipients. That is, unless you have a third party device doing store and forward for you, in which case, you should be able to set the SMTP banner there as well. Assuming you don’t use a smart host, your Send connector header would look like this:

 

Figure B. Send Connector Scoping Tab.

 

This should make sense. You see this is the external facing send connector. Once mail leaves this connector, the mail will be called External Mail. From this point mail will have to rely on MX, DNS or a Smart host to propagate.

So.. What do you think gets queried for the reverse lookup? The mail server at the destination Is going to query public records it finds, against the header and other information it has received, when it looks your mail domain up. So the checks done include reverse lookup, Public MX record, A record, Text Record and SPF record. So all you need to do to is make sure these records contain your correct Public IP address for your Exchange server, the correct resolution of the  Banner to an IP address, and verify the other records contain the same Name and or IP addresses.

A light conversation

So now we get to brass tacks. So I want to focus you to the main things you would need to set correctly. This is:

  1. Public MX record -Domain.com resolves to target mail.domain.com at PUBLIC IP address
  2. An “A Record” that is the value of the Banner “Mail.domain.com”
  3. An “A record” for values for your setup like “auto-discover.domain.com”
  4. TXT or (PTR) record for your Reverse Lookup DNS record. One domain should be assigned to one PTR record- this is what should match the “send” banner
  5. SPF record. – . Special record with special format for Domain verification by Anti-Spam. SPF record tool will help generate your record

Tools you can use to make sure your records are correct:

  1. Install Dig on your client machine for windows- Dig -x Public IP (will find your PTR record)
  2. Dig domain.com will give you your “A” record.
  3. Dig mail.domain.com txt – will show your SPF record.
  4. Dig mx domain.com to query MX record, or Dig @nameserver.domain.com yourdomain.com

So with this Dig tool, you can check and cross check. If you have an IP address in this mix, that you are not aware of, or are not using, then you will need to fix this.

I am not going into too much detail here, but if you have all these records in place, and make sure they point to the public IP address, which sends the exchange server its mail, then you should be happy. Use the web site IPCHICKEN.COM on your Exchange Server. It will tell you your Public IP, normally used for Setting Public DNS records. For non-smart host or bridgehead customers, your value of IPCHICKEN, should be your Public IP values for these records.

In Closing

You have the public information you need to set records above. Set this correctly. Second, go to Exchange Server and set the FQDN correctly and you should no longer have SMTP banner failing to match the reverse lookup:

  • Send Connector Mail Flow -> Send Connector-> Scoping-> FQDN
  • Receive Connector  Mail Flow -> Send Connector-> Scoping-> FQDN

Make sure these FQDN matches its function. Internal connector is internal FQDN.

Send Connector is Public FQDN. Then make the Records match the correct public values and this issue will be resolved.

In closing Here are some tools you can use to troubleshoot:

Exchange Connectivity.

Dig Bind Tool

MX Tool Box

I hope this is helpful and explains what you are seeing, and how you can fix your SMTP banner issue.

Thank you,

 

Louis

 

 

 

New Skype for Business and Exchange Certification Track aka New Lync Exchange Upgrade Certifications to MCSE Productivity

Before I jump right in this evening, let me share the exciting picture of Saturday night Live Season 42, episode 2. This is a lovely commentary on the second presidential Debate. I recommend catching Saturday night live season 42. the Debates are hilarious!

Untitled

No matter if your for Trump Or Hillary, please be nice to each other! This is a great country and all of our problems are small to those who have less. No matter what! All we have is each other! Anyway for the New Certification information, first be aware that you should be transitioned automatically. If you have Server 2012 MCSE and Exchange or Lync MCSE, you should now see this in your transcript

Untitled

From this point forward (9/26/2016), you will be on the new program. This means you will be trying to keep the following certifications valid:

  • MCSE: Cloud Platform and Infrastructure – focusing on skills validation for Windows Server and Microsoft Azure
  • MCSE: Mobility – focusing on skills validation for Windows Client and Enterprise Mobility Suite
  • MCSE: Data Management and Analysis – focusing on skills validation for both on-premises and cloud-based Microsoft data products and services
  • MCSE: Productivity – focusing on skills validation for Office 365, SharePoint, Exchange, and Skype for Business
  • MCSD: App Builder – focusing on skills validation for Web and Mobile app development

It’s a nice change because you just have to take one test a year to be able to keep your certification. Microsoft uses an elective system, so Productivity, for example could be Skype, Exchange or SharePoint. In addition, the advanced topics are also on the same certification, but you don’t have to take the advanced certification until the following year, and you still have the MCSE.

So this is a tradeoff. You get the certification up front, but you will ultimately want to complete all the exams, over time.

The old way, you had to scram to get all the exams done, and then you had a long period of no growth perhaps, followed by another scramble period.

I think the new method matches reality. And on that note, Having taken the 2016 Server Exam Beta (70-743) for Infrastructure upgrade; the new testing methodology has finally moved to the future. No more questions with the same boring beginning. The questions are straight forward. By the end of the exam, you are telling yourself, you deserve to fail if you don’t know the information.

I was very satisfied with the new test format. So in closing, we have a new Certification format, and new Test format coming our way.

The resources I have used and recommended are Born to Learn and Microsoft virtual Academy. These are both much better then the past, and the material is generally helpful.

https://mva.microsoft.com/

https://borntolearn.mslearn.net/

 

Good luck and happy Certifying!!!

Louis

Fix your Exchange Errors: the name on the security certificate is invalid or does not match

 

Hello Exchange Admins,

I found a great new tool from Digicert. I had to share it with everyone. Now days you cant have .local on your public certificate. This can create certificate pop ups. Digicert, always a proactive company, has come up with a tool, to remedy this problem.

They make changes to your Web services, to change the names to .com, eliminating the problems with Exchange. This also generates a roll back script, to get you back to the default settings, if there are any problems.

I don’t see the down side to this approach! Thanks Digicert, for putting the work in, so we all benefit.

The Tool is located here:

https://blog.digicert.com/replace-internal-names-certificates-part-2/

They also have a part 1 article on replacing your internal certificates, but part 2 is an awsome edition to the tool box, for Exchange people.

Thank you Digicert!

 

Here is part 1 on Internal Names

Thanks Again,

Louis

Skype Database cannot be opened. It is in the middle of a Restore

 

Hello All. I had a case that I have solved several times, but I forgot this particular morning, what I did to fix it. This is when I generally make a Blog. So the scenario is when you run the Topology Builder and complete a Mirror. However, at the end of the Mirror Creation, you get an error in the topology builder. This error may take many forms.

 

Untitled

 

The error boils down to: Database cannot be opened. It is in the middle of a restore. If the mirror has not replicated, then your in another boat. However, In my case, The Mirror Databases seem to have restored completely.

I am not saying this will work for everyone, but if your issue is the SQL script got stuck, you may be able to just terminate the restore script, and re-publish your topology. If this works, great. If not, at least you had something to try.

Otherwise, this restore state never stops. It just sits in this state, and the mirror never finishes.

 

Untitled

See the above results over trying to publish this mirror over and over and over. Hopefully this small step is all you need to fix your issue.

 

I have had another issue where this was only part of the issue. Next step is you want to check your SQL error log and see if the SPN account has an error. Look for:

 

“The SQL Server Network Interface library could not register the Service Principal Name (SPN) for the SQL Server service. Windows return code: 0x2098, state: 15”

This is an indication you need to check into your Permissions to SQL or the Service account permissions to both Computer accounts.

If you don’t have these kinds of errors, then you may be fortunate. Try running this script if the issue is just that something is stuck at the end of the script:

Untitled

Happy troubleshooting!

 

Louis

Skype for Business Does not Use Bots or BOT Framework in 2016

BOTS?

What brought my attention to this subject was an memo from a coworker. It was just a run of the mill comment, and it really was the implied meaning I took away from it. I got the impression, that some of my friends were thinking that the BOTS were going to be available to them in SKYPE for Business (SFB). Comments are generally warm, with the reception of SFB, but one persons BOT comment was left un-answered, presumably because most SFB people are not privy to any information about these BOTS.

I will tell you, I didn’t reply. But my instincts wanted to tell them BOTS are not part of SFB. Honestly, I didn’t know for sure. Really, I don’t know what a Bot is! So, if not for posterity, let it be my own curiosity which let me to find out; What are we missing in SFBLAND, that is so exciting in the rest of the industry? As is turns out, I think we should be paying attention. Its not going to be long, before we are up to our necks in BOT support!

Below I really lay out a case for the inclusion of BOTS in SFB, but I would reach out to my colleagues to ask them, is there any reason why SFB is left out at this phase? Is there a big awesome change coming? Is there a secret project a foot? Is it Top Secret? No I am not a conspiracy theorist, so let me just leave that where it lay!

BOTS ARE HAPPENING! 

For the Skype for Business Users, if you had been ignoring BOT notifications in your email, let me catch you up! so much of this is going to be directly relevant to SFB at some point!

  • “BOTS” are Artificial Intelligence In Microsoft’s usage.
  • The closest I found to a definition was “conversation agents
  • Microsoft recently released a BOT framework, for Developers and programmers.
  • This Framework, includes a BOT connector service, with a goal of enabling communication with Disparate platforms such as LinkedIn,Facebook,Skype,Slack,stack and more. You get it?
  • Wand Labs Seems to have something to do with Bots. This company should be working with SFB for some Long term guidance, I would think. Why Else is SFB is not yet involved with BOTSVILLE?  
  • Cortana is supposed to be a BOT.
  • SFB is coming out for the mac! SKYPE is too, With Group Chat!
  • The above may not seem related, but I think it is! See the Skype Release is for Android, IOS and windows platforms. No one seems to be left out.
  • To underscore the point I made about group chat, that is what enabled the First Bot to work, and it works on SKYPE and it works with the MAC!
  • More then 20,000 Developers signed up for BOT Framework, and now there are more then 30,000 Signed up. Why? I think there is a synergy building here:

Microsoft has chosen to merge the Skype Bot Platform and the Microsoft Bot Framework

I would encourage you to read the papers I am placing into the links. I had to go through a lot of articles to get this trend about BOTS. It does look like a rather huge thing, looking into the future. I encourage you to tell me your thoughts on how this may play out.

Here is what was said on the MAC preview for SKYPE:

Skype Bots, a way to bring expertise, products, services and entertainment into daily messaging on Skype, are now available in preview on two additional platforms: Mac and on the Web.

 

SKYPE FOR BUSINESS has NO BOTS

Ok so now that I have detailed the exciting part, let me shut down the idea that SKYPE for Business is involved with any of this. See below from the MS blog site, confirming:

There is currently no story yet for Skype for Business. With the Microsoft Bot Framework you can build a bot that “channels” through multiple chat application like Skype, FB Messenger, KiK, Slack, Telegram etc. Skype for Business is not yet part of the available channels and no information is available when that will be available.

Some very promising statements have been made, and it looks like there is a concerted effort, by Microsoft, to initiate this BOT to work across the entire platform and the entire Industry:

“BOTS are a new way to bring expertise, products, services and entertainment into daily messaging on Skype”

“Skype bots can introduce both audio and video experiences, the company (Microsoft) said.

In fact, there has already been requests, at the Developer level, to bring BOTS on board with SFB. Below is the question asked at the BOT NET feedback web site:

Any plans for Skype for Business?
Bots offer a great opportunity to the enterprise users. I would be interested in private internal bots with Skype for Business available as a conversation channel.

Conclusion

So at this point, the only thing I have proved, in this article, is that SFB does not work with BOTS. When A customer calls to support, we can now tell them that Microsoft Skype for Business Does not have support for BOTS. 

Ill leave the conversation up to my readers. Do you think it will be long before SFB gets into the BOT world? The more important question is what is the hold up? Is there something else coming, that is a larger piece of the puzzle?

I hope this has raised your awareness about the BOTS and let you know we are likely going to be hit with BOT questions, until SFB finally joins the FOLD.

I do think that having SIRI on my Skype for Business Client is going to be just fine with me!!

 

Louis

Flash: The Best way to Fix your Exchange 2013/2016 Unified Messaging, UM Dial Plan, is to redeploy it. It is not as hard as it sounds.

 

Hello!!  I’m Lester Tarkenson and welcome to another installment of Fun with Dialplans. today we will be discussing how the real professionals troubleshoot their Dialplans.

The first thing a seasoned person does, when they see a dial plan, created by a customer, who has never had a dial plan working before; why of course! They chuck it! Yes, there are many reasons for this, but I can name off just a few:

  • 1. Once your gateway and hunt group are married together, changes made manually, may cause objects to be out of sync, causing failure of the Dial Plan
  • 2. Spaces are not allowed in certain circumstances
  • 3. Strange Characters and long object names are both possible reasons for failure in  the Unified Messaging setup. (now called UM heretofore)
  • You have to restart the UMSERVICE and the UMCALLROUTERSERVICE after making every change in UM. Trust me this will get you at some point.

For these reasons and more, It is best to just build from the bottom up. It is very good advice, until you begin to try to take the UM apart. It fails all over the place, yet some commands do work. It quickly becomes a struggle to just get you back to were you were, with no harm done.

Lets just take a deep breath and enjoy a quick Poem:

DIAL PLANS IN THE SKY
MY DIAL PLAN TASTSE LIKE PIE
HUNT GROUP ON MY SLEEVE

Ok. I am deeply sorry for that. Try to recover. I know it will be hard. But, you will have a ton of time to make me a nice Haiku email, because rebuilding the Dial Plan will work instantly and you can move on with your life. so lets begin.

Remove what you can in the Exchange Admin Center

Let me say, without any need to have to tell any of you: Make a copy of all your settings. use screen shot, back up, notepad, whatever it takes, but do something to make sure you have the settings to rebuild with!

The first thing you do is use the GUI to get as much deleted as you can.

Figure 1. Untitled

 

Open up the Dial plan and start with the UM Maalox Policy and the Auto Attendant. Go in and delete and remove all that you can. Whatever is left, will be for us, in the Exchange Management Shell. You can work with Maalox or the Mailbox, it is your choice!

 

Figure 22

Getting the UM dial Plan Un Nested

So now this part may require some freestyle, so I am including all UM commands in the EMS for 2016. One small chart. I like it! See below. The goal is to get the UM objects un-nested. Then you can delete them with the Shell. Use your get commands, and then use your remove and delete commands, where appropriate. I am going off memory at this point, so I will be improving steps over time. using Figure 1 and 2, go in and manually remove everything.

Figure 3.mychart

Break the nesting with Exchange Management Shell

Do not run the Exchange Script UCExchUtil.Ps1, at any point during this process. Once you have removed as much, from the Dial Plan, as you can, using the Administrative Center; You now move to the Exchange shell and run these commands:

  • Set-UMCallRouterSettingS -DialPlanS $null
  • Set-UMMailboxPolicy -UMDialPlan $null
  • Remove-ummailboxpolicy -identity policyname
  • Remove-umhuntgroup -identity gatewayID\Huntgroupname
  • Set-UMService -idenity Servername -DialPlanS $null
  • Set-UMMailbox uSername -UMMailboxPolicy $null
  • Remove-umdialplan -identity Umdialplan

This will allow you to remove the Dial Plan and the Gateway. If the gateway is not removed by now, remove it in the GUI

Now that you have the Dial Plan and gateway removed, you are Free to begin with a new Dial Plan. Make sure you follow a good document on setting the Dial Plan up.

How to Integrate the UM Dial Plan and Lync/SFB

I could not do a better job at showing you the Lync Integration then Dean Suzuki. Look at his articles here. There are steps for the whole integration here:

And this is the end. I realize the title is a lot to live up to. However, the process is not hard, it just doesn’t have a lot of documentation out there that talks about it.

I hope you will be rebuilding your Dial Plans and gateways  for fun and enjoyment. Don’t forget to run your .\ExchUcUtil.PS1 command when you are finished. This will solidify your settings and you will be taking UM calls after you restart the UMCALLROUTER service and UM service on each Exchange Server 2013/2016.