SSH right from Windows

Want to SSH onto a system but don’t want to install PuTTY? Well, you can do that right from the Windows operating system.

Simply start a command prompt and enter the command below

ssh user@system -p 22

For example, if you want to connect to a NetScaler device on IP address 10.1.1.27 using the default admin account, then you would enter

ssh nsroot@10.1.1.27 -p 22

Connect to Exchange Online with PowerShell

This can be done in 3 easy steps (taken from the article at https://docs.microsoft.com/en-us/powershell/exchange/exchange-online/connect-to-exchange-online-powershell/connect-to-exchange-online-powershell?view=exchange-ps)

$UserCredential = Get-Credential

When prompted, enter your tenant logon (username@<tenant>.onmicrosoft.com) and password.

$Session = New-PSSession -ConfigurationName Microsoft.Exchange -ConnectionUri https://outlook.office365.com/powershell-liveid/ -Credential $UserCredential -Authentication Basic -AllowRedirection

This creates a session object holding the connection to Exchange Online.

Import-PSSession $Session -DisableNameChecking

This imports the session (places it live) inside your current PowerShell session. You could, of course, also do a

Enter-PSSession $Session

if you want to connect and run the commands remotely, directly on Exchange Online, but then you lose all sorts of things like auto-complete.

Do I really really need a new SSL certificate for Office 365?

When migrating to Office 365 from on-premises Exchange, you may be following the hybrid route, where an Exchange server is placed on site to act as a broker or intermediary between the Office 365 mail organisation and the on-premises org.

For the on-premises Exchange servers, you may well have a wildcard SSL certificate in place which serves you very well, thank you very much. When you stand up your hybrid server, it’s easy to think “I know, I’ll just use my wildcard cert, that’s good enough as it will cover any names I need”.

Well, no, it doesn’t actually. Microsoft do have a list of pre-reqs for deploying the hybrid role at https://docs.microsoft.com/en-us/Exchange/hybrid-deployment-prerequisites where they make it nice and clear:

pic5

The important word there is must. It’s so important that the name used for autodiscover (usually autodiscover.yourdomain.com) is present in the SAN portion of the certificate that they even repeat the advice under the certificate requirements section at https://docs.microsoft.com/en-us/Exchange/certificate-requirements.

pic6

What happens if you are feeling brave and still want to use that wildcard certificate for your Exchange hybrid server? All sorts of weird things. For a start, you will get certificate errors mentioning the name of the underlying host, even though that’s not mentioned in autodiscover.

pic8

On top of that, your free/busy information might not work, instead displaying “Free / Busy information is not available”.

pic7

So, do yourself a favour and buy yourself a nice shiny new cert with all of the names you need on it…. it’s far cheaper in the long run than to spend ages troubleshooting why things aren’t working… as I learned the hard way.
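A check for the SAN requirement described above, as an added example that is not part of the original post: it reports whether each name the hybrid server needs is listed explicitly in a certificate's SAN or is only covered by a wildcard entry. The function names, the contoso.com names and the thumbprint placeholder are assumptions made for illustration.

```powershell
function Get-SanDnsName {
    # Returns the DNS entries of a certificate's Subject Alternative Name extension.
    param(
        [Parameter(Mandatory)]
        [System.Security.Cryptography.X509Certificates.X509Certificate2]$Certificate
    )
    # OID 2.5.29.17 identifies the Subject Alternative Name extension.
    $san = $Certificate.Extensions | Where-Object { $_.Oid.Value -eq '2.5.29.17' }
    if (-not $san) { return }
    # Assumption: English-language Windows, where Format($true) prints one
    # "DNS Name=<host>" line per SAN entry.
    foreach ($line in ($san.Format($true) -split "`r?`n")) {
        if ($line -match '^\s*DNS Name=(.+)$') { $Matches[1].Trim() }
    }
}

function Test-HybridCertName {
    # Classifies each required name as listed explicitly, covered only by a
    # wildcard entry, or missing from the SAN list altogether.
    param(
        [Parameter(Mandatory)][AllowEmptyCollection()][string[]]$SanName,
        [Parameter(Mandatory)][string[]]$RequiredName
    )
    foreach ($name in $RequiredName) {
        # A wildcard covers exactly one left-most label, so compare the parent domain.
        $parent = $name.Substring($name.IndexOf('.') + 1)
        $coverage = if ($SanName -contains $name) {
            'Explicit SAN entry'
        } elseif ($SanName -contains "*.$parent") {
            'Wildcard only'
        } else {
            'Missing'
        }
        [pscustomobject]@{ Name = $name; Coverage = $coverage }
    }
}

# Constructed SAN list of a typical wildcard certificate (sample data).
$wildcardSan = '*.contoso.com', 'contoso.com'
Test-HybridCertName -SanName $wildcardSan -RequiredName 'autodiscover.contoso.com', 'mail.contoso.com'

# Against a certificate in the local machine store (thumbprint is a placeholder):
# $cert = Get-Item Cert:\LocalMachine\My\<THUMBPRINT>
# Test-HybridCertName -SanName @(Get-SanDnsName $cert) -RequiredName 'autodiscover.contoso.com'
```

Any name reported as "Wildcard only" or "Missing" is one to add to the replacement certificate's SAN list before assigning it to the hybrid server.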

Block Store in Office 2016

When you install Office 2016, your users gain access to the Microsoft Store (no reason not to try and sell when you can, right, am I right, am I right ?)

You may not want to have your user base downloading and installing applications onto your internal estate. So, how do you disable the behaviour ?

Microsoft have provided a GPO to turn off the store / remove the button but it only works in Outlook !

This GPO setting is available in the User Configuration section at Microsoft Outlook 2016 –> Outlook Options –> Other. Enable the policy “Hide the Office Store button”

Pic1

Like I say, it’s under “Outlook Options” so it only affects Outlook. How do you disable it for the other Office applications?

The article at https://docs.microsoft.com/en-us/previous-versions/office/office-2013-resource-kit/cc178992(v=office.15) does provide a reg key (for 2013) that will block access to the stores, and this will likely work for 2016 (with an appropriate adjustment to the path of the key for 2016 to access). However, there is a simpler way.

Just use GPOs to drive the “Trust Center” to not allow Store Apps to start. This setting is at Microsoft Outlook 2016 –> Security Settings –> Trust Center –> Trusted Catalogs. In there is a value “Block Office Store”; simply enable that.

Pic2

Now, when users access the store, rather than getting this 👇

pic3

Users will see this 👇

pic4

i.e. the Store button is still visible, but users cannot download or use apps from the Microsoft Store, while you, as an administrator, can still release the applications you do want them to use.

How to delete a host that is in (pending) state in SCVMM

When deleting a Hyper-V host from SCVMM, it may show the status as “Pending” under the VMs and Services / Fabric sections.

If this occurs then the following Microsoft provided fix should be able to help you out (everything done at your own risk naturally).

0) Migrate all VMs off the host to be removed and shut down the host if you haven’t done so already
1) Stop the SCVMM services on the SCVMM server
2) Open SQL Management Studio and attach to the VirtualManagerDB. The name may be different if you modified it during installation.
3) Take a full backup of the database.
4) Right click on the VirtualManagerDB and select New Query
5) Paste the following script in

/*Remove host hardware */
BEGIN TRY
BEGIN TRANSACTION T1

DECLARE @ComputerName AS NVARCHAR(50)
DECLARE @HostID AS NVARCHAR(50)
DECLARE @AgentServerID AS NVARCHAR(50)

/* set variables */
SET @ComputerName = 'server1.contoso.com' /* Insert FQDN of host to be removed here */

SET @HostID =
(
SELECT HostID FROM tbl_ADHC_Host
WHERE ComputerName = @ComputerName
)
SET @AgentServerID =
(
SELECT AgentServerID FROM tbl_ADHC_AgentServerRelation
WHERE HostLibraryServerID = @HostID
)

/*Start removal*/
/* Remove of HBA networking */
DELETE FROM tbl_ADHC_ISCSIHbaToPortalMapping
WHERE ISCSIHbaID in
(
SELECT hbaid FROM tbl_ADHC_HostBusAdapter
WHERE HostID = @HostID
)

DELETE FROM tbl_ADHC_ISCSIHbaToTargetMapping
WHERE ISCSIHbaID in
(
SELECT hbaid FROM tbl_ADHC_HostBusAdapter
WHERE HostID = @HostID
)

DELETE FROM tbl_ADHC_HostInternetSCSIHba
WHERE ISCSIHbaID in
(
SELECT hbaid FROM tbl_ADHC_HostBusAdapter
WHERE HostID = @HostID
)
DELETE FROM tbl_ADHC_FCHbaToFibrePortMapping
WHERE FCHbaID in
(
SELECT HBAId FROM tbl_adhc_HostBusAdapter
WHERE HostID = @HostID
)

DELETE FROM tbl_ADHC_HostFibreChannelHba
WHERE FCHbaID in
(
SELECT HbaID FROM tbl_adhc_HostBusAdapter
WHERE HostID = @HostID
)

DELETE FROM tbl_ADHC_HostSASHba
WHERE SASHbaID in
(
SELECT HBAId FROM tbl_adhc_HostBusAdapter
WHERE HostID = @HostID
)
DELETE FROM tbl_adhc_HostBusAdapter
WHERE HbaID in
(
SELECT HBAId FROM tbl_adhc_HostBusAdapter
WHERE HostID = @HostID
)

/* Remove Host Networking */

DELETE FROM tbl_NetMan_HostNetworkAdapterToLogicalNetwork
WHERE HostNetworkAdapterID in
(
SELECT NetworkAdapterID FROM tbl_ADHC_HostNetworkAdapter
WHERE HostID = @HostID
)
DELETE FROM tbl_ADHC_HostNetworkAdapter
WHERE NetworkAdapterID in
(
SELECT NetworkAdapterID FROM tbl_ADHC_HostNetworkAdapter
WHERE HostID = @HostID
)

/*Remove host hardware */
DELETE FROM tbl_ADHC_VirtualNetwork
WHERE HostID = @HostID
DELETE FROM tbl_ADHC_HostVolume
WHERE HostID = @HostID
Delete FROM tbl_WLC_VDrive
WHERE HostDiskId in
(
SELECT diskid from tbl_ADHC_HostDisk
Where HostID = @HostID
)
DELETE FROM tbl_ADHC_HostDisk
WHERE HostID = @HostID
DELETE FROM tbl_WLC_PhysicalObject
WHERE HostID = @HostID
DELETE FROM tbl_WLC_VObject
WHERE HostID = @HostID

/* Remove references to host */

DELETE FROM tbl_ADHC_HealthMonitor
WHERE AgentServerID in
(
SELECT AgentServerID FROM tbl_ADHC_AgentServerRelation
WHERE HostLibraryServerID = @HostID
)
DELETE FROM tbl_ADHC_AgentServerRelation
WHERE AgentServerID in
(
SELECT AgentServerID FROM tbl_ADHC_AgentServerRelation
WHERE HostLibraryServerID = @HostID
)
DELETE FROM tbl_ADHC_AgentServer
WHERE AgentServerID in
(
SELECT AgentServerID FROM tbl_ADHC_AgentServerRelation
WHERE HostLibraryServerID = @HostID
)

/*Remove physical machine info*/
DELETE from tbl_PMM_PhysicalMachine
WHERE PhysicalMachineID in
(
SELECT PhysicalMachineID from tbl_ADHC_Host
WHERE HostID = @HostID
)

/* Final host removal */
DELETE FROM tbl_ADHC_HostCluster
WHERE AvailableStorageHostID = @HostID
DELETE FROM tbl_NetMan_InstalledVirtualSwitchExtension
WHERE HostID = @HostID
DELETE FROM tbl_RBS_RunAsAccountConsumer
WHERE ObjectID = @HostID
DELETE FROM tbl_VMMigration_EndpointLUNMapping
WHERE EndPointID = @HostID
DELETE FROM tbl_ADHC_HostBusAdapter
WHERE HostID = @HostID
DELETE FROM tbl_ADHC_Host
WHERE HostID = @HostID
DELETE FROM tbl_WLC_VNetworkAdapter
WHERE HostID = @HostID
DELETE FROM tbl_TR_RefresherState
WHERE RefreshRootObjectID = @HostID
COMMIT TRANSACTION T1
END TRY

BEGIN CATCH

IF @@TRANCOUNT > 0
ROLLBACK TRAN T1
END CATCH

6) Change server1.contoso.com to be the FQDN (yourserver.yourdomain.com) of the server you would like to remove. Make sure to leave the single quotes around the name.

7) Highlight the entire script and click Execute. You should execute the script twice. On the second run there should be 0 rows affected if the transaction worked as it should the first time.

8) Exit SQL Management Studio and start the SCVMM services.

9) On the VMM server, run Get-SCVMHost -ComputerName yourserver.yourdomain.com to make sure it is not there. Alternatively, you can search for it in the VMM admin console.

10) The host has been removed successfully.

If you have any issues, step 3 did recommend that you take a backup of the database and you should restore this database to return you to the starting position if necessary.

Default NetScaler changes

When deploying a NetScaler, Citrix recommend that you make these changes by default (https://support.citrix.com/article/CTX121149 ).

The Window Scaling one was particularly useful on a customer site recently, where connections over CAG would drop because the window size on the TCP stream was not being negotiated correctly with the ASA firewall. Enable window scaling and the issue went right away.

PowerShell launch options

There are a few things that we can do when launching PowerShell.

1) We can simply start PowerShell by typing "powershell" at the command prompt.
2) We can launch PowerShell faster by not displaying the banner – we do this using the command "powershell -nologo"
3) We can launch an older version of PowerShell by stating which version to launch, e.g. "powershell -version 3"
4) We can launch PowerShell using a specific configuration file (e.g. "powershell -psconsolefile my console.psc1")
5) We can launch PowerShell and tell it to run a command on launch – powershell -command "& {get-service}"