September 14, 2011

Internal DNS Server does not respond when TMG is deployed as Edge Firewall

In the most common deployments of Forefront TMG, you use the Edge Firewall configuration. For name resolution, you use internal DNS servers that use forwarders to resolve external addresses.
In some scenarios, I have seen the DNS server stop responding after a few minutes of use, or respond only intermittently.

Most often, flood mitigation is the reason for this.

To disable flood mitigation:
1. In the Microsoft Forefront TMG Management Console, click "Intrusion Prevention System" in the left pane under the server node.
2. On the "Behavioral Intrusion Detection" tab, open "Configure Flood Mitigation Settings".
3. Uncheck the checkbox "Mitigate flood attacks and worm propagation".

See screenshot below for help:
That should do the trick.
If you do not want to give up the protection that flood mitigation provides, leave it enabled and add the IP addresses of your internal DNS servers on the "IP Exceptions" tab of the same dialog box instead.


August 18, 2011

Publishing CRM without https through TMG.

Warning: Publishing CRM over HTTP is a great risk, because it passes credentials in plain text.


We will publish the CRM server as shown in the following diagram:




1. Open the New Web Site Publishing Rule Wizard on TMG by
right-clicking Firewall Policy in the left pane => New => Web-Site Publishing Rule.
2. Supply a rule name => Action = Allow => Publish Single Web Site or Load Balancer => select Non Secure Connection => enter your CRM server name as the internal site name => select Accept requests for any Domain name => create a new Web Listener or use an existing one => on authentication delegation, choose No delegation but client may authenticate directly => select All Users => Finish.
3. If your CRM Web server does not use the Default Web Site and uses another port number, such as 5555, change the bridging settings by
right-clicking the newly created firewall rule => Properties => Bridging tab => change the Redirect request to this port property to your port, 5555 => Apply.
4. Change the properties of the Web Listener as in the following screenshot:
5. Apply and test the settings. When accessing CRM from an external network, you will be asked for the CRM user password only once; then you should be able to access CRM from the external network over HTTP.


August 16, 2011

Configure Ubuntu Server 11.04 as DHCP Server.


You may have problems configuring a DHCP server on Ubuntu Server 11.04 because the configuration file locations differ from previous releases of Ubuntu: the /etc/dhcp3 directory does not exist in this release.
Run the following command on Ubuntu Server 11.04 to install the DHCP server:

sudo apt-get install dhcp3-server

This installs the DHCP server, but the service fails to start because it is not configured yet.
You have to specify which NIC it will use for handling DHCP requests.
You set this in /etc/default/isc-dhcp-server:

# Defaults for dhcp initscript
# sourced by /etc/init.d/dhcp
# installed at /etc/default/isc-dhcp-server by the maintainer scripts

#
# This is a POSIX shell fragment
#

# On what interfaces should the DHCP server (dhcpd) serve DHCP requests?
#       Separate multiple interfaces with spaces, e.g. "eth0 eth1".
INTERFACES="eth0"
Set INTERFACES="" to the NIC that should serve DHCP requests. I've used eth0.

You can change the DHCP server configuration by editing /etc/dhcp/dhcpd.conf from line 52 onwards, like this:

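# A slightly different configuration for an internal subnet.
subnet 192.168.0.0 netmask 255.255.255.0 {
  # The pool leaves out the network address (.0), the router (.1) and the
  # broadcast address (.255), so it runs from .2 to .254.
  range 192.168.0.2 192.168.0.254;
  # ns1 and ns2 are placeholders: use your DNS servers' addresses or names.
  option domain-name-servers ns1, ns2;
#  option domain-name "example.com";
  option routers 192.168.0.1;
#  option broadcast-address 10.5.5.31;
  default-lease-time 600;
  max-lease-time 7200;
}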

After you've configured the server, start it with:
sudo /etc/init.d/isc-dhcp-server start
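
A check worth running on a subnet declaration before starting the service, shown as an added example that is not part of the original post: it flags pools that would lease the network address, the broadcast address or the router's own address. The sample configuration is constructed for the example, and the parser assumes flat subnet blocks without nested braces.

```python
import ipaddress
import re

# Constructed sample input: the first pool spans the whole /24, the second
# pool is correctly bounded.
SAMPLE_CONF = """
# A slightly different configuration for an internal subnet.
subnet 192.168.0.0 netmask 255.255.255.0 {
  range 192.168.0.0 192.168.0.255;
  option routers 192.168.0.1;
#  option broadcast-address 10.5.5.31;
}
subnet 10.5.5.0 netmask 255.255.255.224 {
  range 10.5.5.10 10.5.5.30;
  option routers 10.5.5.1;
}
"""

# Assumption: subnet bodies contain no nested { } blocks (pool, host, group).
SUBNET_RE = re.compile(r"subnet\s+(\S+)\s+netmask\s+(\S+)\s*\{(.*?)\}", re.S)
RANGE_RE = re.compile(r"\brange\s+(?:dynamic-bootp\s+)?([^\s;]+)\s+([^\s;]+)\s*;")
ROUTERS_RE = re.compile(r"\boption\s+routers\s+([^;]+);")


def parse_hosts(value):
    """Return the literal IP addresses in a comma-separated option value.
    Hostnames are skipped because they cannot be checked offline."""
    hosts = []
    for item in value.split(","):
        try:
            hosts.append(ipaddress.ip_address(item.strip()))
        except ValueError:
            pass
    return hosts


def check_dhcpd_conf(text):
    """Return (subnet, problem) tuples for every pool that would hand out
    an address it should not."""
    findings = []
    clean = re.sub(r"#[^\n]*", "", text)  # drop comments, including disabled options
    for net_s, mask_s, body in SUBNET_RE.findall(clean):
        net = ipaddress.ip_network(f"{net_s}/{mask_s}")
        routers = [r for v in ROUTERS_RE.findall(body) for r in parse_hosts(v)]
        for lo_s, hi_s in RANGE_RE.findall(body):
            lo, hi = ipaddress.ip_address(lo_s), ipaddress.ip_address(hi_s)
            if lo > hi:
                findings.append((str(net), "range start is above range end"))
                continue
            if lo not in net or hi not in net:
                findings.append((str(net), "range leaves the subnet"))
            if lo <= net.network_address <= hi:
                findings.append((str(net), "pool includes the network address"))
            if lo <= net.broadcast_address <= hi:
                findings.append((str(net), "pool includes the broadcast address"))
            for router in routers:
                if lo <= router <= hi:
                    findings.append((str(net), f"pool includes the router {router}"))
    return findings


if __name__ == "__main__":
    for subnet, problem in check_dhcpd_conf(SAMPLE_CONF):
        print(f"{subnet}: {problem}")
```
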

Installing Ubuntu Server 11.04 on Hyper V

Installing Ubuntu Server 11.04 on Hyper V is the same as on an x64 machine or a VM on VMWare/VirtualBox. The problem is the drivers. Hyper V is obviously not going to provide drivers for Ubuntu. There is a nice installation guide here for your reference:
https://help.ubuntu.com/11.04/serverguide/C/installing-from-cd.html
Start the installation and proceed as normal until you encounter the following warning:
Continue at this dialog box.
Let the server install completely.
After you install and log on to the new server, edit the file /etc/initramfs-tools/modules.
Open it as root with sudo rather than making it world-writable with chmod 777:


sudo vi /etc/initramfs-tools/modules


After you open the file, add the following modules at the end of the file:


hv_vmbus
hv_storvsc
hv_blkvsc
hv_netvsc


After you make the changes run the following command:


sudo update-initramfs -u
sudo reboot


After rebooting and logging in, you can verify that the modules are loaded using the lsmod command.


Then you can configure the network interface using the /etc/network/interfaces file.


Note: If you loosened the permissions of the /etc/initramfs-tools/modules file to edit it, make sure that you restore them after you are done, so that only root can write to it.

August 5, 2011

RPC Server Error, 0x8009480f Error with Certificate with TMG

You get a certificate enrollment error when connecting to the CA through TMG,
with an error saying that the RPC server is unavailable.
This happens because of TMG's strict RPC compliance policy.
Change the following to make certificate requests work through TMG.


July 19, 2011

How to change Apache Web Server default Listening Port.

It is a simple job to do and nothing is difficult in it.
I am writing this because I was searching for it on Google but did not find it easily.


You may have installed Apache web server on Windows and want to change the default port, because either you're using IIS or something else is already listening on port 8080/80.


To change the default port, go to:
C:\Program Files\Apache Software Foundation\Apache2.2\conf
Open httpd.conf in Notepad. You can edit the Listen directive to change the port.
In my case I've changed it to 98.

June 29, 2011

Being administrator is not enough!!!

I got an error while attaching a database from SSMS: I right-clicked Databases, clicked Attach, and selected the .mdf file to attach, and it threw the common OS error 5, which means "Access Denied" (an administrator should rarely get this error)!


This made me unhappy for a while, because I was using Windows Authentication and was logged on as domainname\administrator.
A possible workaround was to check the permissions on the file I was accessing.
I checked the permissions, then took ownership, then edited them and added myself, but no luck!!


Then I checked the service credentials that are used to run the SQL Server service and the SQL Server Agent service.
They were using neither NETWORK SERVICE credentials nor Administrator.
They had been configured long ago by myself to run as a user that was part of the Domain Admins group. (I thought the group membership would be enough to run everything smoothly.)


So I changed the service logon credentials:
Right-click the MSSQLSERVER service => Properties => Log on => Enter admin/network credentials.
Right-click the SQL Server Agent service => Properties => Log on => Enter admin/network credentials.


Then I restarted the MSSQLSERVER service, which restarted both of them.
And now my database got attached!!!


May 24, 2011

Changing Logon Screen through Group Policies, Windows 7 and Windows XP

There's an easy way to change the logon screen of computers running Windows 7 through Group Policy. For Windows XP, it requires some additional tweaks.


For Windows 7:


First, create the JPG file you want as the logon screen background, which should be less than 256 KB, name it backgroundDefault.jpg and place it on a server share, e.g. \\servername\share\backgroundDefault.jpg


In the Group Policy Management Console, edit the GPO to change the following settings:
Computer Configuration => Preferences => Windows Settings => Files => New File
Set the parameters as in the following image.
Now apply the policy and run gpupdate /force to check whether it's working or not.
If it's not, you'll have to update a registry key.
The key is HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Authentication\LogonUI\Background
See the following screenshot to update it.
Now you should have your logon background changed. Be sure to add the computers to which the logon screen applies to the scope of the Group Policy Object.


For Windows XP:


You'll need to change three registry keys instead of adding a file as the background image. The image on the server share should be a .bmp and less than 256 KB. (Note: Mine worked with a 2 MB image.)
Follow the same procedure as above to add/edit the keys in the registry.
See the following to change the keys.


You should now have your logon background changed.


May 23, 2011

Advanced WSUS Troubleshooting for error 0x8024401f

Error 0x8024401f may prevent you from installing updates from WSUS.
This error means that IIS had an internal server error while processing the download request.

I didn't know that.

You may get something like this in your C:\Windows\WindowsUpdate.log:

________________________________________________________________

   *   UpdateId = {5BA0608C-87FC-4CF1-9374-033C4B79E5D7}.100
2011-05-23 14:32:32:985  924 91c Agent   *     Bundles 1 updates:
2011-05-23 14:32:32:985  924 91c Agent   *       {231511E5-E672-4A13-91BD-8E166A1557D1}.100
2011-05-23 14:32:33:078  924 988 DnldMgr Error 0x8024401f occurred while downloading update; notifying dependent calls.
2011-05-23 14:32:33:078  924  c8 DnldMgr Error 0x8024401f occurred while downloading update; notifying dependent calls.
2011-05-23 14:32:33:093  924 91c Agent *********
2011-05-23 14:32:33:093  924 91c Agent **  END  **  Agent: Downloading updates [CallerId = Microsoft Forefront Client Security]
2011-05-23 14:32:33:093  924 91c Agent *************
2011-05-23 14:32:33:093  924 91c Report REPORT EVENT: {0FDCDB7B-13DB-4F4E-B130-98CAE2F7B71B} 2011-05-23 14:32:29:657+0530 1 147 101 {00000000-0000-0000-0000-000000000000} 0 0 AutomaticUpdates Success Software Synchronization Windows Update Client successfully detected 60 updates.
2011-05-23 14:32:33:093  924 91c Report REPORT EVENT: {1CF1F7FF-391B-47A5-8038-67BB8B147097} 2011-05-23 14:32:29:657+0530 1 156 101 {00000000-0000-0000-0000-000000000000} 0 0 AutomaticUpdates Success Pre-Deployment Check Reporting client status.
2011-05-23 14:32:33:093  924 91c Report CWERReporter finishing event handling. (00000000)
2011-05-23 14:32:33:093  924 91c Report CWERReporter finishing event handling. (00000000)
2011-05-23 14:32:33:093  924 91c Report CWERReporter finishing event handling. (00000000)
2011-05-23 14:32:33:093  924 91c Report CWERReporter finishing event handling. (00000000)
2011-05-23 14:32:33:093  924 91c Report CWERReporter finishing event handling. (00000000)
2011-05-23 14:32:33:093  924 91c Report CWERReporter finishing event handling. (00000000)
2011-05-23 14:32:33:093  924 91c Report REPORT EVENT: {EEE61AE6-BAB0-40E5-980E-F5C31552316D} 2011-05-23 14:32:29:719+0530 1 163 101 {E75471D2-0D1A-4101-858F-2803F5DE9453} 100 0 AutomaticUpdates Success Content Download Download canceled.
2011-05-23 14:32:33:093  924 91c Report REPORT EVENT: {1C46C78E-B600-4B21-ABB1-2572EE7D5922} 2011-05-23 14:32:29:750+0530 1 163 101 {A7BF88EE-CFBB-4947-B0BC-52630F561340} 102 0 AutomaticUpdates Success Content Download Download canceled.
2011-05-23 14:32:33:093  924 91c Report REPORT EVENT: {1322E118-A312-448E-ADC1-0E1D273E0901} 2011-05-23 14:32:29:796+0530 1 163 101 {8D807A34-2A08-4F5E-B722-C12BE78C8D15} 104 0 AutomaticUpdates Success Content Download Download canceled.
2011-05-23 14:32:33:093  924 91c Report CWERReporter finishing event handling. (00000000)
2011-05-23 14:32:33:155  924 988 DnldMgr BITS job {E804C303-7E29-4794-8610-EFAEB428027D} hit a transient error, updateId = {231511E5-E672-4A13-91BD-8E166A1557D1}.100, error = 0x801901F4
2011-05-23 14:32:33:155  924 988 DnldMgr   Attempt no. 1 to resume the job
2011-05-23 14:32:33:217  924  c4 DnldMgr Error 0x8024401f occurred while downloading update; notifying dependent calls.
2011-05-23 14:32:33:217  924 988 DnldMgr Error 0x8024401f occurred while downloading update; notifying dependent calls.
2011-05-23 14:32:33:233  924  c8 DnldMgr BITS job {E804C303-7E29-4794-8610-EFAEB428027D} hit a transient error, updateId = {231511E5-E672-4A13-91BD-8E166A1557D1}.100, error = 0x801901F4
2011-05-23 14:32:33:233  924  c8 DnldMgr   Attempt no. 2 to resume the job
2011-05-23 14:32:33:295  924  c8 DnldMgr BITS job {E804C303-7E29-4794-8610-EFAEB428027D} hit a transient error, updateId = {231511E5-E672-4A13-91BD-8E166A1557D1}.100, error = 0x801901F4
2011-05-23 14:32:33:295  924  c8 DnldMgr   Attempt no. 3 to resume the job
2011-05-23 14:32:33:341  924 988 DnldMgr BITS job {E804C303-7E29-4794-8610-EFAEB428027D} hit a transient error, updateId = {231511E5-E672-4A13-91BD-8E166A1557D1}.100, error = 0x801901F4
2011-05-23 14:32:33:341  924 988 DnldMgr   Will not attempt to resume the job as it has reached the maximum number of attempts.
2011-05-23 14:32:33:341  924 988 DnldMgr Error 0x8024401f occurred while downloading update; notifying dependent calls.
2011-05-23 14:32:33:403  924 9bc DnldMgr Error 0x8024401f occurred while downloading update; notifying dependent calls.
2011-05-23 14:32:33:651  924 9bc DnldMgr Error 0x8024401f occurred while downloading update; notifying dependent calls.
2011-05-23 14:32:33:666  924  c4 DnldMgr Error 0x8024401f occurred while downloading update; notifying dependent calls.
2011-05-23 14:32:33:666  924  94 AU AU checked download status and it changed: Downloading is paused


_______________________________________________________________

So, first I checked on the client side whether there was something in the event log, and then the server's event log, and got nothing.
Then I tried to browse my WSUS URL from Internet Explorer,
http://servername:8530/Content
and got error 500 Internal Server Error.
The error said that there were duplicate MIME type entries in the IIS configuration.
What does that mean?
So I Googled it, and then changed the MIME types that had been added twice in the IIS settings.

On the error page, you can find the MIME types that are declared more than once. In my case it was ".psf application/octet-stream".
So, go to IIS Manager, click the WSUS website's Features View, select MIME Types, and delete the MIME type from there.
Restart the website and check whether you can download updates now.
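
The triage above can be read straight from the log. This added example (not part of the original post) parses DnldMgr lines in the format shown, counts the Windows Update errors, and decodes the BITS error: an HRESULT with facility 0x19 (FACILITY_HTTP) carries the HTTP status in its low 16 bits, so 0x801901F4 is HTTP 500 and points at the server. The sample lines are copied from the excerpt above.

```python
import re
from collections import Counter

# Sample input: lines copied from the WindowsUpdate.log excerpt in this post.
SAMPLE_LOG = """\
2011-05-23 14:32:33:078  924 988 DnldMgr Error 0x8024401f occurred while downloading update; notifying dependent calls.
2011-05-23 14:32:33:155  924 988 DnldMgr BITS job {E804C303-7E29-4794-8610-EFAEB428027D} hit a transient error, updateId = {231511E5-E672-4A13-91BD-8E166A1557D1}.100, error = 0x801901F4
2011-05-23 14:32:33:155  924 988 DnldMgr   Attempt no. 1 to resume the job
2011-05-23 14:32:33:341  924 988 DnldMgr BITS job {E804C303-7E29-4794-8610-EFAEB428027D} hit a transient error, updateId = {231511E5-E672-4A13-91BD-8E166A1557D1}.100, error = 0x801901F4
2011-05-23 14:32:33:341  924 988 DnldMgr   Will not attempt to resume the job as it has reached the maximum number of attempts.
2011-05-23 14:32:33:341  924 988 DnldMgr Error 0x8024401f occurred while downloading update; notifying dependent calls.
2011-05-23 14:32:33:666  924  94 AU AU checked download status and it changed: Downloading is paused
"""

# date, time, PID (decimal), TID (hex), component, message
LINE_RE = re.compile(
    r"^\d{4}-\d{2}-\d{2}\s+\d{2}:\d{2}:\d{2}:\d{3}\s+"
    r"(?P<pid>\d+)\s+(?P<tid>[0-9a-fA-F]+)\s+(?P<component>\S+)\s+(?P<msg>.*)$"
)
WU_ERROR_RE = re.compile(r"Error (0x[0-9a-fA-F]{8}) occurred while downloading update")
BITS_RE = re.compile(
    r"BITS job (\{[0-9A-Fa-f-]+\}) hit a transient error, "
    r"updateId = (\{[0-9A-Fa-f-]+\})\.\d+, error = (0x[0-9a-fA-F]{8})"
)
FACILITY_HTTP = 0x19


def decode_hresult(value):
    """Split a 32-bit HRESULT into failure bit, facility and code."""
    return {
        "failure": bool(value >> 31),
        "facility": (value >> 16) & 0x7FF,
        "code": value & 0xFFFF,
    }


def http_status(value):
    """Return the HTTP status carried by a FACILITY_HTTP failure, else None."""
    d = decode_hresult(value)
    if d["failure"] and d["facility"] == FACILITY_HTTP:
        return d["code"]
    return None


def triage(log_text):
    """Summarise download failures found in WindowsUpdate.log text."""
    wu_errors, statuses, jobs, last_job = Counter(), Counter(), {}, {}
    for raw in log_text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m or m.group("component") != "DnldMgr":
            continue
        tid, msg = m.group("tid"), m.group("msg")
        err, bits = WU_ERROR_RE.search(msg), BITS_RE.search(msg)
        if err:
            wu_errors[int(err.group(1), 16)] += 1
        elif bits:
            job, update_id, code = bits.group(1), bits.group(2), int(bits.group(3), 16)
            entry = jobs.setdefault(
                job, {"update_id": update_id, "failures": 0, "gave_up": False}
            )
            entry["failures"] += 1
            last_job[tid] = job  # the give-up line does not name the job
            status = http_status(code)
            if status is not None:
                statuses[status] += 1
        elif msg.startswith("Will not attempt to resume the job") and tid in last_job:
            jobs[last_job[tid]]["gave_up"] = True
    return {
        "wu_errors": {f"0x{c:08x}": n for c, n in wu_errors.items()},
        "http_statuses": dict(statuses),
        "jobs": jobs,
        # Any 5xx means the WSUS/IIS side failed: browse the content URL next.
        "server_side": any(500 <= s <= 599 for s in statuses),
    }


if __name__ == "__main__":
    print(triage(SAMPLE_LOG))
```
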


May 17, 2011

Publishing an FTP Filezilla Server with TMG

I wanted to publish an FTP server on our internal network for some quick file transfers. I chose Filezilla as I was using Windows.


Quickly configuring file transfer:
After installing Filezilla,
Settings to do on Filezilla:
1. Choose the port you want the server to run on: Edit => Settings => General Settings => Listen on this port. The default is 21.
2. Create a user in Filezilla Server.
3. Add a home directory and give permissions.





Settings to do on TMG:
1. Firewall Policy => Right pane => Tasks => Publish non web server protocols.
2. Type a name => Type the internal FTP server on which you have Filezilla Server installed => Select protocol FTP Server => Click the Ports button => If you want to change the port that TMG listens on, change the default port => Select networks External.
3. Important: Right-click the newly created FTP rule => Select "Configure FTP" and uncheck Read Only.





Connecting from Filezilla or any other FTP client:
Give the TMG public external IP followed by port number 21, or the other port if you've configured one.
Give the username.
Upload data.


Refer to this for help: http://technet.microsoft.com/en-us/library/cc995163.aspx


April 28, 2011

5 Things you can do to make your android efficient...

Google Android is becoming more and more popular these days.
Many of my friends and I have already started using Android. I have seen some Android users experiencing lag while opening applications, menus etc.

Here is what I do to keep my Android good and healthy:

1. Try installing a third-party home replacement application that uses the least memory and CPU:

A home replacement application is what you see when you press the home button on your Android. Every manufacturer, including Samsung, LG, HTC etc., has its own home in its phones. You can install a third-party home replacement application that is lightweight. The most important thing is that you have to use it without any customization. Some home replacement apps are OpenHome, iHome, aHome, ADW Launcher etc. If you feel these applications are heavier than your manufacturer's original home screen, then revert the setting back to Home. GO Launcher and ADW Launcher are lightweight home screen replacements if you configure them properly.

2. Analyze running processes and shut them down if necessary :


There are many processes running in the background that consume RAM in your phone and may cause slow performance. You can view and stop running system services in Settings => Applications => Running Services.
I usually stop the following services:
PlaybackService (From DI Radio)
File Expert
Yahoo Messenger

3.  Clear RAM with Task Manager :


Most probably you are now using Android 2.2 Froyo.
Android 2.2 Froyo has a built-in Task Manager application that helps you clear RAM by killing background processes.
WARNING! Check that you have no important work going on in the background before clearing memory.


4. Disable Live Wallpapers :


Live wallpapers obviously occupy GPU memory. When your GPU is busy, it starts consuming CPU as well. This will surely slow down your phone. A live wallpaper also needs to keep its textures loaded in RAM so that it shows up quickly when you switch to your home screen.


5. Use minimum required or no widgets :


Widgets also consume battery and data, depending on which widget you are using. Background data is a good thing for keeping your phone updated, depending on how frequently you use widgets. I always keep the following widgets off my screen:
Youtube (CPU Consuming on startup)
Facebook
Weather
Buddies Now(Samsung Phones)

April 22, 2011

Devoted to duty, sysadmin cartoon

Just saw a cartoon on the web about how a sysadmin is devoted to his work...
courtesy-yonitg.com


April 19, 2011

Be Careful with Group Policies....

Puff... I was in a great problem recently....

We have a Microsoft Dynamics CRM 2011 deployment here, which stopped working unexpectedly. When I tried to access it using its URL, it threw an error which said:

Business Management Error
"You are attempting to create a user with a domain logon that does not exist."

Secondly, I noticed that some users were having trust relationship problems with the domain. We have only one domain controller.

The third thing I found was an error while updating Group Policy.
Whenever I used gpupdate /force to update policies on a workstation, I would get:

The processing of Group Policy failed because of lack of network connectivity to a domain controller. This may be a transient condition. A success message would be generated once the machine gets connected to the domain controller and Group Policy has succesfully processed. If you do not see a success message for several hours, then contact your administrator.

Another problem I came across was a user whose password had expired and who was unable to change it.
All of this happened within one hour, and I was on my knees trying to find the root of the problem.

One thing I noticed was that everything had something to do with connectivity to the domain controller.
So, in order to find the root cause, I temporarily disabled all the Group Policy links that could somehow apply to the domain controller itself.
Then I ran gpupdate /force on the DC itself. Bravo! It all started to work like a charm. Then I checked the Group Policies I had disabled, and found the problem.

The DC had locked itself out because the wrongly applied policy was in:

Computer Configuration=>Windows Settings=>Security Options=>User Rights Assignment
"Access this computer from network"

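This policy restricts network access to the computer to only the users and groups defined in it. Applied to a domain controller with too narrow a list, it refuses the workstations and servers that need to reach the DC over the network, which is what caused every symptom above.
So be careful when configuring new Group Policies, and check which computers a policy's scope actually covers.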


April 12, 2011

Blocking Google Talk and other sites using Group Policies.

One easy way to block users from visiting specific domains is to change the contents of the hosts file.
In your AD environment, you will surely not go to each computer to edit the hosts file.
Here's what I did at mine:
1. First, copy your hosts file from C:\Windows\System32\drivers\etc\ to your Desktop.
2. Open the file with Notepad, add the domain names you want to block, and point them to localhost. The following is my example:


# Copyright (c) 1993-2009 Microsoft Corp.
#
# This is a sample HOSTS file used by Microsoft TCP/IP for Windows.
#
# This file contains the mappings of IP addresses to host names. Each
# entry should be kept on an individual line. The IP address should
# be placed in the first column followed by the corresponding host name.
# The IP address and the host name should be separated by at least one
# space.
#
# Additionally, comments (such as these) may be inserted on individual
# lines or following the machine name denoted by a '#' symbol.
#
# For example:
#
#      102.54.94.97     rhino.acme.com          # source server
#       38.25.63.10     x.acme.com              # x client host
# localhost name resolution is handled within DNS itself.
# 127.0.0.1       localhost
# ::1             localhost
127.0.0.1 talk.google.com
127.0.0.1 talkx.l.google.com
127.0.0.1 chatenabled.mail.google.com
127.0.0.1 talkgadget.google.com


3. Save a copy of the file on a share that is easily accessible, e.g. \\servername\share\hosts, but make sure it is a read-only file and no one can make changes to it.


4. Now open Group Policy Management on the domain controller or an AD computer using gpmc.msc


5. Within an existing Group Policy Object or a new one, add the computers on which you want to block the sites.
6. Then right-click the GPO to edit its settings, and change them to something like the following.

Then, when your policy gets updated, you have blocked gtalk on your domain. :)


March 28, 2011

Microsoft Dynamics CRM asks repeatedly for credentials.

Recently I installed Microsoft Dynamics CRM 2011 successfully.
Then, when I tried to access the CRM website with
http://servername:5557/
it asked me for credentials.
It was actually supposed to log in automatically as the user currently logged on to the domain.

This happens due to a problem with the authentication method in IIS.
To troubleshoot this, I did a workaround and got it working.

1. Go to IIS Manager using inetmgr.
2. Expand the tree and click the Microsoft Dynamics CRM website.
3. In the Features View, double-click Authentication.
4. Select "Windows Authentication" and click "Providers" in the right-hand pane.
5. Inside the Providers dialog box, remove all except NTLM and click OK.

Now your CRM website should not ask for your credentials anymore, provided you are logged on to the same domain in which CRM is installed.


March 23, 2011

Microsoft SCE (System Center Essentials) Installation fails with 1603

When you run Microsoft System Center Essentials setup, everything goes fine and smooth until it shows you a screen saying that the setup has failed.
When you view the log file, you notice error 1603.
What I did to solve the error was to uncheck the checkbox during setup which says "Use microsoft update..."
When the setup fails to connect to Microsoft Update, it throws the above error.


March 18, 2011

Removing Lync Server 2010

I was removing my Lync Server test deployment.


It's pretty easy.
Here's what I have done:


1. Start => All Programs => Microsoft Lync Server 2010 => Topology Builder.
Open the existing deployment, i.e. the published topology, in Topology Builder.
Topology Builder lists all the servers and their roles.
First of all, try to manually remove all the servers except the one you are removing Lync Server from.
Then right-click the site you wish to remove.
Under the Publish menu, choose the "Remove Deployment" option.
This will open the "Remove Deployment Wizard".
The wizard will remove all the servers from the topology, leaving some required servers behind.
It will leave in the topology the server which has the Central Configuration Store and the local SQL RTC instance.
Then publish this topology by right-clicking the site => Publish => Publish Topology.
Then close Topology Builder.


2. Open the Lync Server Deployment Wizard from Start => All Programs => Lync Server 2010 => Deployment Wizard.
This will help us remove the components that we published above.
Then open Install or Remove Lync Server Components.
After this wizard completes, all the Lync Server roles are removed from the server.


3. Then open an elevated command prompt and change your directory to <Installation directory>\Server\
Mine was D:\Program Files\Microsoft Lync server 2010\Server\
Then run the following command:


bootstrapper.exe /scorch


This will remove all OCS packages from the server.


4. Then remove "Lync Server Core Components" from Control Panel => Programs and Features


5. (Optional) Remove the SQL Server RTC instance from the server.


6. (Optional) Remove the following groups from Active Directory:


CSAdministrator
CSArchivingAdministrator
CSHelpDesk
CSLocationAdministrator
CSResponseGroupAdministrator
CSServerAdministrator
CSUserAdministrator
CSViewOnlyAdministrator
CSVoiceAdministrator
RTCComponentUniversalServices
RTCHSUniversalServices
RTCProxyUniversalServices
RTCSBAUniversalServices
RTCUniversalConfigReplicator
RTCUniversalGlobalReadOnlyGroup
RTCUniversalGlobalWriteGroup
RTCUniversalReadOnlyAdmins
RTCUniversalSBATechnicians
RTCUniversalServerAdmins
RTCUniversalServerReadOnlyGroup
RTCUniversalUserAdmins
RTCUniversalUserReadOnlyGroup


7. Remove the installation directory, which has only Web Components remaining.
Mine was D:\Program Files\Microsoft Lync Server 2010


Repeat the same procedure for all deployed servers.
This is what I did for my Lync removal. If anything's wrong, please post here.
If this helped you, please post here.


March 1, 2011

CRM Outlook Client Installation fails

When you try to configure the Outlook client for Microsoft Dynamics CRM
with offline access, you come up with the following:



Action Microsoft.Crm.Config.Common.InstallDatabaseAction
failed. The network path was not found.

This error is caused because you are trying to install the Outlook client
with offline access for more than one user.

What I did was:

1. Go to SQL Surface Area Configuration.
2. Add myself as administrator.

Tried installation again, but that didn't work.

Next I:

1. Removed the Microsoft Dynamics CRM Outlook Client.
2. Removed the SQL Server instance components for the CRM instance from
 "Programs and Features".
3. Installed the Microsoft Dynamics CRM Outlook Client again.

And now you can configure it with the configuration wizard.


February 28, 2011

Can not sign in automatically to Lync Server 2010.

I deployed a standalone Lync Server Standard 2010,
but when I tried to sign in from a client, I was unable to.
The error I was getting:


" Can not sign in to Lync Server because the server is temporarily unavailable. If the problem continues, please contact your support team."


I verified that all the Lync Server Services on the server were up and running.


What I did was:
1. Open Lync 2010.
2. Go to Settings => Personal => Advanced.
3. Select Manual Configuration and add the FQDN of the Standard Edition server.


Then I tried again and it worked!


The client was unable to find the Lync Server automatically.
I solved the problem by adding a DNS record for the service on the Lync Server.


Just follow the steps at the link below:


http://technet.microsoft.com/en-us/library/bb663700(office.12).aspx


After you add the entry, you should be able to sign in to Lync automatically.


February 23, 2011

Problems Encountered in Deployment of Microsoft Lync server 2010.

Recently I had a chance to deploy Microsoft Lync Server 2010.
I encountered some errors during its installation.
I will list them below.


With the topology published and the Local Configuration Store installed, I proceeded to "Install or Update Lync Server System" => "Setup or Remove Lync Components".


Setup or Remove Lync Components makes the necessary changes to the deployment, as you defined and published them in Topology Builder.


When I ran Setup or Remove Lync Components, it proceeded and came up with the following:


Command execution failed: The process cannot access the file because it is being used by another process. (Exception from HRESULT: 0x80070020)


This problem is caused by a port number that is already in use on the server, which prevents the Lync Server websites from starting.
To get past this error, you must be able to start both the Lync Server Internal Website and the Lync Server External Website.
So when providing ports in Topology Builder, always make sure that those ports are unique and not used by any other process. A conflict on these ports prevents the Lync Server websites from starting.


The following command may help you find out whether any of the ports are in use:


netstat -aon | find ":portnumber"


Also check the site bindings in inetmgr to see whether any of the websites are using that port.
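
The substring filter above also prints lines it should not: searching for ":80" matches port 8080 and outbound connections to a remote port 80. This added example (not part of the original post) parses `netstat -aon` output and reports only sockets bound to the exact local port, with the owning PID. The netstat output, ports and PIDs below are constructed for the example.

```python
# Constructed sample of `netstat -aon` output on Windows.
SAMPLE_NETSTAT = """\

Active Connections

  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:80             0.0.0.0:0              LISTENING       4
  TCP    0.0.0.0:8080           0.0.0.0:0              LISTENING       2312
  TCP    192.168.0.10:49200     192.168.0.20:80        ESTABLISHED     3120
  TCP    [::]:80                [::]:0                 LISTENING       4
  UDP    0.0.0.0:5060           *:*                                    1780
"""


def substring_matches(output, port):
    """Lines that `find ":<port>"` would print: any line containing the text."""
    needle = f":{port}"
    return [line for line in output.splitlines() if needle in line]


def listeners(output, port):
    """Sockets bound to the exact local port: TCP in LISTENING state, or UDP.
    Returns (protocol, local address, PID) tuples."""
    found = []
    for line in output.splitlines():
        fields = line.split()
        if len(fields) < 4 or fields[0] not in ("TCP", "UDP"):
            continue  # banner, header or blank line
        proto, local, pid = fields[0], fields[1], fields[-1]
        # rpartition keeps IPv6 literals such as [::] intact
        addr, _, local_port = local.rpartition(":")
        if local_port != str(port):
            continue
        if proto == "TCP" and fields[3] != "LISTENING":
            continue  # established or closing connection, not a bound listener
        found.append((proto, addr, int(pid)))
    return found


def owning_pids(output, port):
    """PIDs to look up in Task Manager or tasklist for a conflicting port."""
    return sorted({pid for _, _, pid in listeners(output, port)})


if __name__ == "__main__":
    print(len(substring_matches(SAMPLE_NETSTAT, 80)), "lines match the substring")
    print(listeners(SAMPLE_NETSTAT, 80))
    print(owning_pids(SAMPLE_NETSTAT, 8080))
```
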




Another error occurred while "Requesting and Assigning new certificates" from my internal CA (Certificate Authority).


System.Runtime.InteropServices.COMException (0x800706BA): The RPC server is unavailable. (Exception from HRESULT: 0x800706BA)


This problem was caused by the firewall, in my case.
Disable the firewall, if any, and then try connecting again; it will work for sure.
We have Microsoft Forefront Threat Management Gateway installed.


What I did was:
1. Open Forefront TMG.
2. Right-click the access rule that deals with internal network traffic.
3. Configure RPC Protocol.
4. Uncheck "Enforce strict RPC Compliance."
5. Click "Firewall Policy", then click "Edit system policy" in the right-hand pane.
6. Under Authentication Services, click Active Directory and uncheck "Enforce strict RPC Compliance."
7. Apply changes.


The above procedure should be almost the same for Microsoft ISA Server too.


February 18, 2011

CRM Deployment Problems with Windows 2000 Domain.


Recently I had a scenario for deploying CRM in the following environment:
Windows 2k Server Domain: DC01, DC02. Both trusted, replicated domain controllers.
Windows Server 2008 R2 as CRM Server.
Windows Server 2008 with SQL Server 2005 SP3.


I started CRM Setup, filling in all the information as guided in the Microsoft Dynamics CRM Implementation Guide provided by Microsoft.
Later, in the self check, which is the second-last step of setup, it showed me that the Reporting Server was configured incorrectly and that it was unable to connect to the http://servername/ReportServer URL.
Then I tried browsing the ReportServer URL. It showed the error:
HTTP Error 500.23 - Internal Server Error
An ASP.NET setting has been detected that does not apply in Integrated managed pipeline mode.
This usually happens when you have IIS7 on the Reporting Services server.


What I did was:
1. Run inetmgr.
2. Expand Default Website.
3. Go to Basic Settings of the ReportServer website.
4. Change the application pool to Classic .NET AppPool.
5. Restart the website.


This should get you a working Report Server.


Now that the Dynamics CRM Setup had completed all of its checks,
I clicked "Install" to start the installation.


With the installation half completed, I came up with the error:


 Error| System.Exception: Action Microsoft.Crm.Setup.Server.GrantConfigDBDatabaseAccessAction failed. ---> System.Data.SqlClient.SqlException: Windows NT user or group 'Domain\SQLAccessGroup {9e798758-54f6-44a6-93a6-51b6faf49928}' not found. Check the name again.


I clicked Retry and, hail Microsoft, it worked!


The installation completed, I finished it, and then browsed to http://servername:5555/
I navigated to Administration => Users => New User,
typed a name in the logon name box and hit Tab, and all the fields filled themselves in with information retrieved from Active Directory.


Then, when I clicked Save and Close, it showed the error:
"You are attempting to create a user with a domain logon that does not exist.  Select another domain logon and try again"


This had something to do with the domain and Active Directory.
Then what I did was:
1. Remove CRM from "Programs and Features".
2. Remove the CRM databases from SQL Server.
3. Remove the user groups created in Active Directory.
4. Remove the installation directory contents, if any.
5. Install hotfix KB976494 http://support.microsoft.com/kb/976494
6. Reboot the computer.
7. Restart the installation.
This time it again showed the same error when half the installation was completed.
8. Then retry; hail Microsoft, it continued.
But after installing the hotfix, the error was resolved.
I was able to add users easily.


I think this error occurred because of something to do with Active Directory synchronization. The time AD takes to sync between the DCs is insufficient when CRM setup creates users.


February 16, 2011

Errors encountered during installation of CRM 2011 Beta

One can easily follow the steps required for CRM 2011 Beta installation by reading the implementation guide supplied by Microsoft.
I will note down here some errors I encountered, along with recommendations and my personal conclusions.
CRM installation is not a big deal.
1. Create a separate container in Active Directory to keep the CRM 2011 users and groups. That will help you troubleshoot and manage your CRM.
2. The first error I encountered was with SQL Server. You come to know about most of the errors at the second-last step of setup, i.e. the self check stage.

SqlServerValidator.Failure.OsVersion

This error was caused because the OS on which SQL Server was installed was x86.
It tells you that you need an x64, or 64-bit, SQL Server.
3. Then I installed SQL Server on a 64-bit server. But the problem was that the server was the Threat Management Gateway. Threat Management Gateway installs its own database instances, including one named ISARS that runs on port number 1433. When the self check was going on, it showed the error "Check SqlServerValidator : Failure: Could not connect to the following SQL Server: ''. Verify that the server is up and running and that you have SQL Server administrative credentials. "
Then I tried connecting to MSSQLSERVER, i.e. the default instance of SQL Server, through SQL Server Management Studio. It connected successfully. So what was the problem?
Then I found out that the MSSQLSERVER instance and the ISARS instance were listening on the same port, i.e. 1433.

Solution: Go to Start => All Programs => Microsoft SQL Server => Configuration Tools => SQL Server Configuration Manager.
Expand SQL Server Network Configuration in the left pane.
Click Protocols for MSSQLSERVER.
Double-click TCP/IP in the right-hand pane to open it.
Go to the IP Addresses tab.
Verify that the instance is listening on port number 1433.
Repeat the process for the other instances, but verify that they are using ports other than 1433.
My conclusion is that to install CRM Server 2011 you need to run the MSSQL instance on port number 1433 only.
No other instance should run on 1433.
Then restart all the instances you have made changes to.

The CRM Server self check should now be able to find your SQL Server instance.
