I was trying to install Exchange Server 2013 CU11 on my lab exchange server. I encountered two errors.

1.  A Restart from a Previous Installing is pending

Resolution:

To remove an orphaned UpdateExeVolatile registry key value

1. Open a registry editor, such as Regedit.exe or Regedt32.exe.
2. Navigate to HKLM\SOFTWARE\Microsoft\Updates\
3. In the right navigation pane, double-click the UpdateExeVolatile key.
4. Configure the key with a value of 0
5. Close Registry Editor.

https://technet.microsoft.com/en-us/library/cc164360(v=exchg.80).aspx

2. Organization Preparation FAILED

Error: 8224

Error:  The following error was generated when "$error.Clear();   install-ExchangeSchema -LdapFileName ($roleInstallPath + "SetupData"+$RoleSchemaPrefix + "schema0.ldf")
" was run: "There was an error while running 'ldifde.exe' to import the schema file 'C:WindowsTempExchangeSetupSetupDataPostWindows2003_schema0.ldf'. The error code is: 8224. More details can be found in the error file: 'C:Usersadministrator.{your-domain}AppDataLocalTemp2ldif.err'".
There was an error while running 'ldifde.exe' to import the schema file 'C:WindowsTempExchangeSetupSetupDataPostWindows2003_schema0.ldf'. The error code is: 8224. More details can be found in the error file: 'C:Usersadministrator.{your-domain}AppDataLocalTemp2ldif.err'

Solution

https://social.technet.microsoft.com/Forums/exchange/en-US/d8713608-1a4d-4d08-b66c-9a38c6bf4625/error-code-8224-ldifde-exchange-2013-installation-failure

Fore Replicate between DCs

https://technet.microsoft.com/en-us/library/cc816926(v=ws.10).aspx

To force replication over a connection

---

1. Open Active Directory Sites and Services: On the Start menu, point to Administrative Tools, and then click Active Directory Sites and Services.
2. In the console tree, expand Sites, and then expand the site to which you want to force replication from the updated server.
3. Expand the Servers container to display the list of servers that are currently configured for that site.
4. Expand the server objects and click their NTDS Settings objects to display their connection objects in the details pane. Find a server that has a connection object from the server on which you made the updates.
5. Click NTDS Settings below the server object. In the details pane, right-click the connection object whose From Server is the domain controller that has the updates that you want to replicate, and then click Replicate Now.
6. When the Replicate Now message box appears, review the information, and then click OK.

Powershell to Uninstall Java JRE installed in Windows

Powershell to Uninstall Java JREs any version 7s  from windows.

create a text file which lists workstations or servers - eg. computers.txt

$computers=Get-Content "C:\computers.txt"
Foreach ($computer in $computers)
{
 $java = Get-wmiobject -ComputerName $computer -Filter "name like 'Java%' AND version like '7%'" | % {$_.Uninstall()}
}

Configuring Outgoing email in SharePoint 2013

(I) Creating Receive Connector in Exchange 2013

1. Go to exchange server and open EAC. Select Mail Flow from the left, choose receive connector and click + click as show below

2. On the Receive Connector page, enter new name for the connector and keep the rest default

3. Under Network Binding, click on pencil to edit 

4. Enter the IP of SharePoint Server and click on Save

5.Click on Finish

6. From the EAC, edit the newly created receive connector, go to Security and check Anonymous users under Permission groups and click Save

(II) Enable Outgoing mail in Document Library

1. Go to SharePoint Server, Open SharePoint 2013 Central Administration and. Under System Systems, click on Configure outgoing e-email settings 

2.On the Outgoing E-Mail Settings, Enter Outbound SMTP server which is your exchange server FQDN, From Address, reply address and click on OK.

3. Now it is time to login the SharePoint Site and go to the document library. Click the library where you want to setup the alert.  we will see Alert me icon as we have setup the outgoing email . Click on the Alert Me and choose Set alert on this library

4. On the New Alert Page, make the selection as per your needs. I kept all as default and click OK.

Once the above is setup properly, you should receive an email confirming the setup.

Configure Incoming emails in SharePoint Server 2013

In couple of months time, I will have to implement SharePoint 2013 at my work. I have started playing around with installation and configuration on my lab environment. I am going to blog any issues that I encountered and the solutions for future reference.

Lab Info:

OS: Windows Server 2012 R2
Database : MS SQL Server 2012 Standard
Active Directory Certificate Service
SharePoint 2013
Exchange 2013
Single Farm will suffice


After I configured incoming emails in both SharePoint and Exchange 2013, I did testing by sending a document but never made it through to SharePoint Document folders.  I am going to document the requirements for SMTP configuration along with the creating send connectors in Exchange.


 Topics:
(I) Installing SMTP  feature in SharePoint Server
(II) Installing certificate for SMTP service
(III) Configure SMTP on SharePoint Server
(IV) Creating Send Connector in Exchange 2013 
(V) Enable Incoming Email on document Library


(I) Installing SMTP  feature in SharePoint Server

1. On the SharePoint server, open Server manager and click on Manage -> Add Roles and Features.

2. Click Next on the following screen

3. Choose "Select a server from the server pool" and click Next

4. Click Next on the Roles Screen, Select Features from the left, check SMTP from the features, click Next

5. Click Add Features, Next and Install

(II) Install Certificate 

As a part of security requirement, SMTP service is required to implement TLS encryption. Under the Properties for the SMTP service, in the Access Tab, the Require TLS encryption check box is grayed out.

I assume that you already have Active Directory Certificate installed on your environment and certificate is installed in Exchange too. We need to request and install certificate in SharePoint/SMTP server.

a. Run MMC
b. From File menu, Choose Add/Remove Snap-in

b. From the Available snap-ins, select Certificate and click on Add

c. Choose Computer Account and click Next

d. Choose Local Computer from select computer and click Finish

e. You should see certificates(local computer) on the selected snap-ins; and click OK.

f. Right Click on personal,->Choose All Tasks-> Click on Request New Certificate

g. On the Certificate Enrollment, click Next

h. under Request Certificates, choose Computer and Click on Enroll

i. On the certificate installation results page, click Finish

h. In the Certificate console of SharePoint server, navigate to Personal, Certificates, the new certificate has been installed.

Now the certificate is made available to the SMTP service, Secure Communication -> Require TLS encryption is available and no more grayed out.

(III) Configure SMTP on SharePoint Server

a. Browse to Server manager -> Local Server->Tools-> "Internet Information Services (IIS) 6.0 manager"

b.Expand Server Name-> Right Click on SMTP and click on Properties

c. On the General Tab,  select Enable logging and keep everything as default.

d. Click on the Access Tab-> Under Secure communication -> check Require TLS Encryption

e. Under Access->click on Authentication and make sure Anonymous is selected

f. Under Access ->Click on connection and make sure All except the list below is selected

g. Under Access-> Select Relay and make sure All except the list below is selected.

h. Select Delivery Tab-> Outbound Security

i. under Outbound Security, make sure Anonymous Access and TLS encryption are selected

j. Delivery Tab->click Advanced

k. Check the SMTP/SharePoint Server FQDN is displayed.

(IV) Creating Send Connector in Exchange 2013 

(V) Enable Incoming Email on document Library

http://blogs.technet.com/b/harmeetw/archive/2012/12/29/sharepoint-2013-configure-incoming-emails-with-exchange-server-2013.aspx

(VI) Configuring AD to allow contracts to show up in the OAB

https://www.petri.com/configure-email-sharepoint-2010-part-1

A Free Self-Service AD password Change Utility

I have been looking for a free  self-service AD password Change Utility for a while.  There are users who are using AD service accounts for their applications. Users are logging to their machines using the service accounts in order to reset the passwords. Need to take some corrective measures to secure these accounts.

In the meantime I found Passcore - an open source script written in C# using ASP.NE MVC4. I tested in my lab environment and works perfect as designed. I installed SSL certificate  secure the application.

I am documenting it for future references or if anybody needs to know how to install it..

Download the web app from here: http://unopasscore.codeplex.com/

System Requirements:

IIS 7+
Activie Direcotry
.NET 4.5

If you want to make changes to some of the basic settings, you will need Visual Studio 2012

1. Download the zip file from http://unopasscore.codeplex.com/
2. Unzip the files to a folder (I created passcore folder)
3. Copy or move the unzipped folder to the path where your IIS site reside.
 

4. Go to IIS and add folder as a site. Make sure the Application Pool is .NET 4/Integrated Pipeline App Pool and that the bindings are properly configured.

 a. Go IIS, right click on Application Pool -> Add Application Pool as shown below

 

b. Assign any name to Application Pool, Choose .NET Framework v4.0 and integrated  and click OK

 

5. Now I will add this application to run as web site since I will have to assign SSL certificate to this particular apps only.

 a. Under IIS, right click Sites and choose Add Web Site

 

b. On the Add Web Site dialog box, provide Site Name, under Content Directory-> Physical path browse to the location where the passcore folder was copied under inetput folder as show and click OK.

 

c. provide the host name (URL) to access the site

 

d. You  can test the site if it working or not by selecting the web site (passcore) you just created and on the Actions panel on right, click Brows passcore.abc.com.80

e. If everything is configured correctly, you should see the following page

 

6. Securing the apps by installing SSL certificate. Here I am using the internal cert.

Create the Certificate Signing Request

The first step in ordering an SSL certificate is generating a Certificate Signing Request. This is very easy to do in IIS7 using the following instructions. 

1.    Click on the Start menu, go to Administrative Tools, and click on Internet Information Services (IIS) Manager. 

             2.  Click on the name of the server in the Connections column on the left. Double-click on Server Certificates. 

Install the Certificate

To install your newly acquired SSL certificate in IIS 7, first copy the file somewhere on the server and then follow these instructions:

1.    Click on the Start menu, go to Administrative Tools, and click on Internet Information Services (IIS) Manager.

2.    Click on the name of the server in the Connections column on the left. Double-click on Server Certificates.

3.    In the Actions column on the right, click on Create Certificate Request...

4.    Enter all of the following information about your company and the domain you are securing and then click Next.

Leave the default Cryptographic Service Provider. Increase the Bit length to 2048 bit or higher. Click Next.

5.    Click the button with the three dots and enter a location and filename where you want to save the CSR file. Click Finish.

Install the Certificate

To install your newly acquired SSL certificate in IIS 7, first copy the file somewhere on the server and then follow these instructions:

1.    Click on the Start menu, go to Administrative Tools, and click on Internet Information Services (IIS) Manager.

2.    Click on the name of the server in the Connections column on the left. Double-click on Server Certificates. 

3        3.    In the Actions column on the right, click on Complete Certificate Request...

  4.Click the button with the three dots and select the server certificate that you received from the certificate authority. If the certificate doesn't have a .cer file extension, select to view all types. Enter any friendly name you want so you can keep track of the certificate on this server. Click OK.

 

5      5. If successful, you will see your newly installed certificate in the list. If you receive an error stating  that the request or private key cannot be found, make sure you are using the correct certificate and that you are installing it to the same server that you generated the CSR on. If you are sure of those two things, you may just need to create a new Certificate Request and reissue/replace the certificate. Contact your certificate authority if you have problems with this.

Bind the Certificate to a websit

1.    In the Connections column on the left, expand the sites folder and click on the website that you want to bind the certificate to. Click on Bindings... in the right column.

    2. Click on the Add... button.

3   3. Change the Type to https and then select the SSL certificate that you just installed. Click OK.

    4.You will now see the binding for port 443 listed. Click Close.