Archive for February, 2013

There I was installing Exchange Server 2013 on a brand new Windows 2012 Server. All the pre-reqs went on fine, AD Schema extended, no problems, how simple could it be?

And yet, the setup itself fails!?!? I can’t even begin to understand how a vanilla setups on a clean fresh server could fail.

So, during the setup, it gets to :Step 7 of 14: Mailbox Role: Transport Service” and then fails with


The following error was generated when “$error.Clear();

          if ( ($server -eq $null) -and ($RoleIsDatacenter -ne $true) )


            Update-RmsSharedIdentity -ServerName $RoleNetBIOSName


        ” was run: “Database is mandatory on UserMailbox. Property Name: Database”.

Looks like Microsoft *still* haven’t been able to work out how to provide actual useful error messages.


On a brand new System Center Orchestrator 2012 install the web console was showing the basic site, but would show no details for Runbooks or Runbook Servers.

It would work fine if I connected using the “Orchestrator Admin” account used during install, but other accounts were all having problems. It seemed obvious that permissions were the problem, but where exactly? All those same users could use the Orchestrator Designer console without any problem, so it seemed they had all the permissions needed.


Have found an issue when using the Orchestrator Web Console where the permissions a user has are still active after they have been removed.


  1. Permissions are granted to an AD group to a runbook folder using the Designer console
  2. User is added to the AD group
  3. User can connect to Designer and also the Web Console to see and manage the runbooks in that folder
  4. Remove the user from the group
  5. In Designer, the user no longer has access and cannot see the folder or runbooks
  6. In the Web Console, the permissions are unchanged and the user can still view and manipulate the runbooks

Suggestions provided through a post to the technet forums suggested that the permissions are cached in the SQL database in the “Microsoft.SystemCenter.Orchestrator.Internal.AutorizationCache” table, however this table was already empty

Restarting the Servers, services, logging the user off and on etc made no difference. The permissions still persisted the following day.

Another user suggested this is a known bug and that they resolved it with a call to Microsoft. I can find no other mention/reference of this bug, so a call to Microsoft it is…


My Adventures with PHPBB running on an all Microsoft platform began many years ago. Much trial and error resulted in the first forums with V2. When they released V3 there was a much improved situation with documentation and guides, but it was still a tough thing to get right. It’s a community that favours Linux/Apache/MySQL, so getting assistance for Windows/IIS/MSSQL is pretty tough.

This time around I’m starting a completely fresh install on Windows Server 2012, with IIS 8, and MSSQL 2012. I’ve been “upgrading” over the years and have completely forgotten all the tweaks I needed to make it work, so that as well as dealing with any new “features” of the latest MS software is why I’m writing this entry.


This is such a pain. Only a very few people that receive mail from my Exchange server have problems where all attachments end up as winmail.dat. I don’t know the combinations that trigger it, but to simplify things, in Exchange 2010 I just set the external domain to send everything as plain text.

In Exchange 2013 you can’t do that through the GUI, so it’s time to resort to Powershell. Luckily the answer is much simpler than trying to work it out from the full command syntax.


So here’s one that had me stumped. I can’t get ActiveSync connections working for some users on some devices. I’ve found a lot of posts around the internet talking about it being an issue related to self-signed SSL certificates, but I don’t think that is what my problem is.

The environment:

  • 1 x Exchange 2013 running on Server 2012
  • 1 x Internal private Windows PKI handling certificates
  • 3 x Active Directory based user accounts
  • 2 x Windows RT Surface tablets
  • 1 x iPad Mini
  • 2 x PC running Windows 8
  • 1 x iPhone
  • 2 x Windows Phone 7

A fair collection of devices to compare the issue across.

So what does/used to work?


I’ve been seeing this error on my TMG 2010 Standard server ever since I put it into production and I couldn’t understand what it was or why it was happening


I never understood this message because I’m running Standard edition, which doesn’t do arrays (you need Enterprise). I’ve also never configured any array settings, and I’ve never seen any array settings on the Standard edition that could be configured.

It turns out that even though this is Standard edition, and there are no array, TMG seems to still think of itself as being in an “array of one”. When I built the server it had a temporary IP address that was changed when I switched over from the old Firewall server. It is this change of IP address that caused the error. It never seems to have caused any problems that I noticed, so I ignored it.

Until now.

As part of the “big recovery” I decided to kill all annoying errors. And this TechNet post had the solution.


The continuing journey in the very slow quest to restore everything.

This post is the recovery of the SQL Express database used by the Threat Management Gateway (TMG 2010) firewall. The SQL Server (ISARS) and (MSFW) instances were failing to start with an eventid:9003 message saying “The log scan number passed to log scan in database ‘master’ is not valid”

Essentially it would appear the MASTER database was corrupted, and as per the other servers the backup was also messed up. :sigh:


In Windows Explorer the preview pane is something I normally turn off to give me more screen space. There are times though when it can be really handy. For example when browsing through a large number of text files or images rather than opening each one individually.


So what do you do when you have an unusual file extension that doesn’t work with the preview pane?

A program I use creates a queue of files with an extension of “.cnm”. They are plain text files, but when you try to see them in the preview pane, you just get the “No Preview Available” message. This has actually bugged me for YEARS but for some reason I just kept finding other ways to deal with it.

So I had a moment today where I had hundreds of these files I want to flick through and I finally decided to figure this out once and for all.


Let me say this first of all – Do not try this at home. The following is not a “strategy”, it was a last desperate act to recover *something* from *nothing*. In this case it seems to have paid off, but there is still a lot of work to do.

Following on from my previous post about the serious disk crash experience…

After spending more time than I should have curled in a ball, rocking back and forth and hoping something would just start working by itself, I finally realised that I didn’t really have any proper options left. I was at the point where *anything* was an option, there was no longer a wrong way to do things.