Bart Timmermans aka Hyper-B

Source: Microsoft MSDN

ReFS, has been designed from the ground up to meet a broad set of customer requirements, both today’s and tomorrow’s, for all the different ways that Windows is deployed.

The key goals of ReFS are:

• Maintain a high degree of compatibility with a subset of NTFS features that are widely adopted while deprecating others that provide limited value at the cost of system complexity and footprint.
• Verify and auto-correct data. Data can get corrupted due to a number of reasons and therefore must be verified and, when possible, corrected automatically. Metadata must not be written in place to avoid the possibility of “torn writes,” which we will talk about in more detail below.
• Optimize for extreme scale. Use scalable structures for everything. Don’t assume that disk-checking algorithms, in particular, can scale to the size of the entire file system.
• Never take the file system offline. Assume that in the event of corruptions, it is advantageous to isolate the fault while allowing access to the rest of the volume. This is done while salvaging the maximum amount of data possible, all done live.
• Provide a full end-to-end resiliency architecture when used in conjunction with the Storage Spaces feature, which was co-designed and built in conjunction with ReFS.

The key features of ReFS are as follows (note that some of these features are provided in conjunction with Storage Spaces).

• Metadata integrity with checksums
• Integrity streams providing optional user data integrity
• Allocate on write transactional model for robust disk updates (also known as copy on write)
• Large volume, file and directory sizes
• Storage pooling and virtualization makes file system creation and management easy
• Data striping for performance (bandwidth can be managed) and redundancy for fault tolerance
• Disk scrubbing for protection against latent disk errors
• Resiliency to corruptions with "salvage" for maximum volume availability in all cases
• Shared storage pools across machines for additional failure tolerance and load balancing

In addition, ReFS inherits the features and semantics from NTFS including BitLocker encryption, access-control lists for security, USN journal, change notifications, symbolic links, junction points, mount points, reparse points, volume snapshots, file IDs, and oplocks.

And of course, data stored on ReFS is accessible through the same file access APIs on clients that are used on any operating system that can access today’s NTFS volumes.

Key design attributes and features

Our design attributes are closely related to our goals. As we go through these attributes, keep in mind the history of producing file systems used by hundreds of millions of devices scaling from the smallest footprint machines to the largest data centers, from the smallest storage format to the largest multi-spindle format, from solid state storage to the largest drives and storage systems available. Yet at the same time, Windows file systems are accessed by the widest array of application and system software anywhere. ReFS takes that learning and builds on it. We didn’t start from scratch, but reimagined it where it made sense and built on the right parts of NTFS where that made sense. Above all, we are delivering this in a pragmatic manner consistent with the delivery of a major file system—something only Microsoft has done at this scale.

Code reuse and compatibility

When we look at the file system API, this is the area where compatibility is the most critical and technically, the most challenging. Rewriting the code that implements file system semantics would not lead to the right level of compatibility and the issues introduced would be highly dependent on application code, call timing, and hardware. Therefore in building ReFS, we reused the code responsible for implementing the Windows file system semantics. This code implements the file system interface (read, write, open, close, change notification, etc.), maintains in-memory file and volume state, enforces security, and maintains memory caching and synchronization for file data. This reuse ensures a high degree of compatibility with the features of NTFS that we’re carrying forward.

Underneath this reused portion, the NTFS version of the code-base uses a newly architected engine that implements on-disk structures such as the Master File Table (MFT) to represent files and directories. ReFS combines this reused code with a brand-new engine, where a significant portion of the innovation behind ReFS lies. Graphically, it looks like this:

Read more at the source: Microsoft MSDN

During migration projects a lot of customers asks me how to import all accepted domains the easy way. The script I provide below is very basic but it will save you a lot of time.

But first create a CSV file with on the first line AcceptedDomains. Insert all your accepted domains on seperate lines starting from the second line.

$File = Read-Host "Please enter location and filename of the CSV file (example: D:TempAcceptedDomain.CSV)"

# Reading of all lines within the specified CSV file.

$list = Import-Csv $File

foreach($entry in $list) {

# Reading the AcceptedDomain variable from the CSV file.

$AcceptedDomain = $entry.AcceptedDomain

# Running the powershell command for creation of all Accepted Domains.

New-AcceptedDomain -Name $AcceptedDomain -DomainName $AcceptedDomain

}

This is the third part (Part 1, Part 2) of the how-to guide on installing and configuring an offline Root Certificate Authority on a Windows Server 2008 R2 core edtion.

Within this part we are going to install and configure Active Directory Certificate Services (ADCS) on the Root CA. Also we are going to backup the root certificate with private key to external storage and encrypt this drive Bitlocker to go.

Prerequisites

The following must be available before using this guide:

• Part 1 and Part 2 of the installation guide must be completed;
• Root access to the Root CA server (ILO, VMware, vSphere console);
• SetupCA.vbs must be downloaded (click here) and stored on the Root CA (C:Temp)
• One or two USB drives (dedicated for the backup of the root certificate and private key).

Installation steps

Read more…

This is the second part (Part 1) of the how-to guide on installing and configuring an offline Root Certificate Authority on a Windows Server 2008 R2 core edtion.

Within this part we are going to encrypt the OS drive with BitLocker. By encrypting the drive it will be almost impossible to steal the private key of the root certificate. Within this guide we are going to use a virtual machine on VMware (Hyper-V or XenServer are also supported). Because our virtual machine does not have a TPM (Trusted Platform Module) we are using a virtual floppy which will be needed everytime the server will be powered on.

This guide can also be used on all Windows Server 2008 R2 core servers. 

Prerequisites

The following must be available before using this guide:

• Root access to the server (ILO, VMware, vSphere console);
• Windows Server 2008 R2 core edition already installed;
• A server with Windows Server 2008 R2 full and the Bitlocker feature installed.

Installation steps

Read more…

This guide explains how to install and configure an offline Root Certificate Authority on a Windows Server 2008 R2 core edtion.

This guide is splitted in three seperate parts:

• Part 1: Introduction and pre-installation tasks
• Part 2: Encrypting the drive of the Root CA using BitLocker
• Part 3: Installing Active Directory Certificate Services on the Root CA

Main reason to configure the Root CA on a core edition is to lower the attack surface. The attack surface should be as low as possible to prevent hackers from stealing the private key of the root certificate. Therefore most of the time the Root CA will be shutdown and disconnected from the network. More about security hardening on an Root CA in a later article.

Prerequisites

The following must be available before using this guide:

• A dedicated physical or virtual machine;
• Root access to the server (ILO, VMware, vSphere console);
• Windows Server 2008 R2 core edition already installed;
• Hostname and network settings already configured;
• Very complex password set for the administrator account;
• Firewall must be on with no exceptions;
• Access to Windows update, WSUS, SCCM or other patching mechanism.

Installation steps

Read more…

Source: Microsoft

Microsoft Exchange Server 2010 SP2 helps IT Professionals achieve new levels of reliability with greater flexibility, enhanced user experiences, and increased protection for business communications.

• Flexible and reliable – Exchange Server 2010 SP2 gives you the flexibility to tailor your deployment based on your company's unique needs and a simplified way to keep e-mail continuously available for your users.
• Anywhere access – Exchange Server 2010 SP2 helps your users get more done by giving them the freedom to securely access all their communications – e-mail, voice mail, instant messaging, and more – from virtually any platform, Web browser, or device.
• Protection and compliance – Exchange Server 2010 SP2 delivers integrated information loss prevention, and compliance tools aimed at helping you simplify the process of protecting your company's communications and meeting regulatory requirements.

You must accept the license terms for the software before you are authorized to use it. There is no product support for the trial edition of the software. You are welcome to participate in the forums to share your trial experiences with others and to ask for advice.

Download it here.

I have created an script which will remotely enables a users mailbox.

# This powershell script creates a remote mailbox.
# Created by Bart Timmermans
$Server = Read-Host "(Please enter the hostname of your Exchange 2010 Server)"
$User = Read-Host "Please enter the username (domainuser)"
$ServerFull = "HTTP://" + $Server + "/Powershell"

# Start session to remote Exchange 2010 server.
$Session = New-PSSession -ConfigurationName Microsoft.Exchange -ConnectionUri $ServerFull -Authentication Kerberos
Import-PSSession $Session

# Create new mailbox
Enable-Mailbox -identity $User

Source: Microsoft Exchange blog

Earlier today the Exchange CXP team released Update Rollup 4 for Exchange Server 2010 SP1 to the Download Center.

This update contains a number of customer-reported and internally found issues since the release of RU1. See 'KB 2509910: Description of Update Rollup 4 for Exchange Server 2010 Service Pack 1' for more details. In particular we would like to specifically call out the following fixes which are included in this release:

• 2519359 Unable to Create a 'Reply With' Rule on Public Folders Even With Owner and Send As Permissions
• 2394554 Generating DSN fails if original mail uses non-support encoding charset.
• 2490134 Outlook 2007 does not deliver "Delayed Delivery" Messages against an Exchange 2010 Server in Online mode with any additional Transport loaded in the Outlook Profile

Some of the above KnowledgeBase articles are not replicated/live at the time of writing this post. Please check back later in the day if you can't reach them.

Update Rollup 5 for Exchange Server 2010 Service Pack 1 is currently scheduled to release in August 2011.

General Notes

Note for Exchange 2010 Customers using the Arabic and Hebrew language version: We introduced two new languages with the release of Service Pack 1, Arabic and Hebrew. At present we are working through the process of modifying our installers to incorporate these two languages. Customers running either of the two language versions affected are advised to download and install the English language version of the rollup which contains all of the same fixes.

Download it here.

Source: Microsoft

The System Center Orchestrator Beta product provides the capability of automation of workflows (Runbooks) across other System Center and 3rd party products. These runbooks are created in the Runbook Designer, deployed via the Deployment Manager and run and monitored locally or remotely via the Orchestrator Console.

Feature Bullet Summary:
 

• Management Server
• Orchestrator Console
• Runbook Designer
• Deployment Manager
• Web service for reporting

Download the beta here.

Source: Microsoft

A lot of my customers reported the same issues with XenApp 6. During the night servers are restarted to provide a clean server to their employees. These servers sometimes hangs during the shutdown/restart procedure and will not restart until an system administrator manually forces the servers to restart.

Citrix released a hotfix to prevent this issue from happening. Besides this issue it will also resolve the following issues:

Read more…

Source: MSDN blogs

2 good colleagues of mine, has used a bit of their sparetime to develop this great looking Lync Client for WP7.

Take a look at the video

It will be made available for free on the Windows Phone Marketplace very soon.

Microsoft released rollup package 2 for Data Protection Manager 2010 (DPM). Below the details.

This rollup resolves the following issues:

• When you change the ports that are used by the Data Protection Manager 2010 Remote Access service, recovery jobs may fail.
• On some client computers, the System volume runs out of space when local shadow copies are created and when the shadow copy storage is set to UNBOUNDED.
• When you try to protect more than 1,000 client computers from one Data Protection Manager 2010 server, you receive a warning that you cannot protect more than 1,000 client computers by using Data Protection Manager 2010, even though Data Protection Manager 2010 can protect up to 3,000 client computers.

Read more…

Source: Microsoft

This article lists Microsoft Knowledge Base articles that apply to Forefront TMG 2010 SP1. The issues that are described in these articles are resolved in Software Update 1 Rollup 3 for Forefront TMG 2010 SP1.

Issues that are resolved by Software Update 1 Rollup 3

Read more…

Next week you can expect the following articles on this blog.

• How to deploy Microsoft Certificate Services on a Windows Server 2008 R2 core server (3 parts for the Root CA and 2 parts for the Issuing CAs)
• How to encrypt drives on a Windows Server 2008 R2 core edition without an TPM.
• How to automatically deploy machine certificates (WPA(2)-Enterprise, SCCM native mode) using Active Directory Certificate Services.
• SharePoint and Opalis better together 1: How to create users with Exchange mailboxes using SharePoint 2010 and Opalis.
• SharePoint and Opalis better together 2: How to create a workflow which will authorize users to a product specified within a SharePoint 2010 form.
• How to create custom Opalis Integration Packs (OIP) to execute commands on Microsoft Exchange 2010 and Microsoft Lync Server 2010.

Source: Microsoft

Microsoft released service pack 1 for Windows 7 and Windows Server 2008 R2.

Windows 7 and Windows Server 2008 R2 SP1 helps keep your PCs and servers on the latest support level. It also provides ongoing improvements to the Windows Operating System (OS), by including previous updates delivered over Windows Update as well as continuing incremental updates to the Windows 7 and Windows Server 2008 R2 platforms based on customer and partner feedback. This enables organizations to deploy a single set of updates.

Windows 7 and Windows Server 2008 R2 SP1 will help you:
 

• Keep your PCs supported and up-to-date
• Get ongoing updates to the Windows 7 platform
• Easily deploy cumulative updates at a single time
• Meet your users' demands for greater business mobility
• Provide a comprehensive set of virtualization innovations
• Provide an easier Service Pack deployment model for better IT efficiency

Download it here.

Source: Gartner ADC article.

Gartner released the magic quadrant report for Application Delivery Controllers.

Microsoft released the CTP of server APP-V. Source: Microsoft System Center blog.

Microsoft Server Application Virtualization builds on the technology used in client Application Virtualization, allowing for the separation of application configuration and state from the underlying operating system. This separation and packaging enables existing Windows applications, not specifically designed for Windows Azure, to be deployed on a Windows Azure worker role. We can do this in a way where the application state is maintained across reboots or movement of the worker role. This process allows existing, on-premises applications to be deployed directly onto Windows Azure, providing yet more flexibility in how organizations can take advantage of Microsoft’s cloud capabilities. Server Application Virtualization delivers:

• Application mobility: Server Application Virtualization enables organizations to move their applications from on-premises datacenters to Windows Azure to take advantage of Windows Azure’s scalability and availability. This application mobility provides a unique level of flexibility to organizations as their needs evolve, enabling movement from one environment to another as their business needs dictate without the need to re-compile or rewrite the application.
• Simplified deployment: With Server Application Virtualization, organizations are able to virtualize applications once and then deploy these packages as needed. This process creates a method to manage applications, simply and efficiently across their Windows Server® platform or to Windows Azure.
• Lower operational costs: By using Server Application Virtualization organizations can gain the lower management benefits of the Windows Azure platform for their existing applications. This is delivered through the virtualized application being deployed on the Windows Azure platform, meaning organizations get the benefit of Windows without the need to manage a Windows Server operating instance or image for that application. With Server Application Virtualization, organizations are able to virtualize applications once and then deploy the packages this process creates, simply and efficiently across their Windows Server® platform or to Windows Azure.

  Read more at the source.