Slow SharePoint 2010 site? The best hidden troubleshooting gem

by Ed Sparks

Two words - Developer Dashboard.

Ever had a slow SharePoint site and been unable to figure out what's causing the issue, or where to turn next?  Once you've given up on resetting IIS and checking your performance monitors, you'll be happy to find out that Microsoft has a fantastic tool built right into SharePoint 2010 and later.

There is plenty of good information all over the internet about this already, so I will just point to a couple of excellent sources:

http://blogs.technet.com/b/wbaer/archive/2009/11/21/welcome-to-the-developer-dashboard.aspx
http://sharepointyankee.com/2009/12/24/the-sharepoint-2010-developer-dashboard/

Happy bug hunting!

Controlling EWS Access in Exchange 2010 - Mac, Samsung, Blackberry and more

by Ed Sparks

common request we get from customers it how they can block many problematic or unauthorized (and uncontrolled) email clients connecting to their Exchange servers via Exchange Web Services

Exchange 2010 SP1 - Rejoice!
Thankfully Microsoft heard the feedback loud and clear, and beginning with Exchange 2010 SP1, this is highly manageable via new block and allow settings and lists that can be applied at an organizational or mailbox level!

The two commands used:
set-organizationconfig
and
set-casmailbox

Note: Settings enabled/configured at the organization level are overridden by those at the mailbox level. This means you are able to enforce a secure policy by default, then just make a few exceptions for users. 

The most common configuration we setup for client is as follows:

Read More

Goodbye imageX, hello DISM for Windows 8 Imaging and Deployment

by Ed Sparks
This article seems to be getting a tremendous amount of traffic!
Leave a comment with any suggestions or questions you might have about Windows 8 deployment.  Contact us for help with your project too!

A quick note for those starting to work with Windows 8 deployment, or just playing around with images.

ImageX has been flagged by Microsoft as a deprecated utility, and has been replaced with DISM - Deployment Image Servicing and Management.  Catchy.  There's no Metro/Windows-8/Store-style/Technologywithoutaname version, though.

The good news is that DISM is an excellent replacement and has matured quite a bit since ImageX, while still keeping most of the same command structure.

In our testing it has proven much quicker and more reliable, and is built into Windows 8, Server 2012 and PE 4.

There's even PowerShell commandlets to do all sorts of useful things.

Find out more by running from an Administrative command prompt:

dism /?

Our one-liner quick and dirty capture/deploy commands for a standard Windows install is as follows:

1. Plug in a large USB drive 

2. Boot into Windows PE 4 (here's how)

3. At the command prompt find out the drive letter of your USB drive (e: in the example below) then execute:

dism /Capture-Image /ImageFile:d:\my-windows-partition.wim /CaptureDir:e:\ /Name:"My Windows Partition"

To then place this image on a new drive or rebuild, do the opposite,  again while booted into PE 4

dism /Apply-Image /ImageFile:d:\my-windows-partition.wim /index:1 /ApplyDir:C:\

 

Further reading:

http://technet.microsoft.com/en-us/library/hh825251.aspx
http://blogs.technet.com/b/heyscriptingguy/archive/2012/09/27/use-the-powershell-dism-cmdlets-to-manage-windows-8.aspx

Boot Windows Server 2012 Directly to the Desktop

by Ed Sparks

​In their quest for all things Metro - sorry - "Modern UI" - Microsoft has opted to boot not only Windows 8, but also all Windows Server 2012 GUI versions directly into the ridiculous Start Screen.

​It's the opinion of most administrators that this is pointless and annoying on servers.  
Thankfully, there is a workaround for this, unlike on Windows 8 where they have now actively blocked this.

Find out the detail's and a quick and easy Powershell script at the EXPTA blog.

Source: http://www.expta.com/2012/10/how-to-boot-d...

SharePoint licensing - full guide, examples, scenarios and more

by Ed Sparks

​Properly licensing Microsoft SharePoint is a complex and confusing undertaking, and in our experience, many organizations are either running with far too few, or incorrect licenses.  As usual with licensing, Microsoft doesn't make it easy to understand or ​implement correctly.
Here's an excellent four-part resource we often refer to for everything the basic of what is needed, all the various options and versions, and some excellent specific examples.

SharePoint Licensing Guide - Scenarios
For Part IV in my SharePoint 2010 Licensing mini-series, I have put together several different licensing scenarios and detailed the requisite licensing for each. SharePoint is very flexible in both licensing and capability. As with any large company, understanding exactly which licenses you need can be quite perplexing! Hopefully this will shed some light on different scenarios to help you get your SharePoint 2010 environment licensed correctly.
The previous posts in this mini-series include explanations of the different products involved with SharePoint 2010:
SharePoint 2010 Licensing Part I: Foundation, Server, and Designer
SharePoint 2010 Licensing Part II: Windows Server and SQL Server
SharePoint 2010 Licensing Part III: Search, Office Web Applications, and Project Server

Thanks to John Stover, at the StoverEffect blog.

Source: http://stovereffect.com/

Fix L2TP and PPTP VPNs on Windows Vista/7/8/2008/R2/2012

by Ed Sparks

Update 1: PPTP Broken? Read our latest article!

Update 2: Even more VPN grief - this time with Windows 8/8.1 Metro and PPTP.  See this article for the solution to "Error 850: The Extensible Authentication Protocol type required..."

 

For "security reasons" Microsoft somewhat broke the implementation for L2TP/IPSec (and in some cases PPTP) VPNs in Windows Vista/7/2008 R2.  This was due to an architectural change made in these OS versions to disable NAT Traversal functionality for these protocols by default.

This means that while your old XP machine or iPhone will connect, your brand new Windows 7 or 8 system will spin its wheels hopelessly and eventually error out.  Strange, non-obvious and questionable default choice, in our opinion.  You know you are likely experiencing this issue if you try to connect with L2TP and get errors numbers such as 800, 794 or 809.

Thankfully you can bring back the old behaviour with a couple of changes: a registry key and a Hotfix. 

On your Windows Vista, 7 or 8 client machine change or add the following registry item:

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\PolicyAgent\

New DWORD (32-bit) Value:AssumeUDPEncapsulationContextOnSendRule 
Set the value to 2

This allows the client or server to be behind a NAT firewall.

Reboot after making the change, and retry the connection.  If there's still issues, you may have to apply the following Hotfix:

You cannot establish an IPsec tunnel to a computer that is running Windows 7 or Windows Server 2008 R2 through a NAT device

Better still?  Start using SSTP VPNs which will work through virtually any NAT or Firewall device much more consistently, and only requires a cheap or free public SSL certificate.  

This article has more information, and a link to Microsoft's extensive VPN guide.