Anything for sysadmins!


Setting up a narrowcasting unit

Narrowcasting is a great way of reaching the people inside your company. It's an easy way of informing people about what's new in the company. That is exactly why I needed to setup a couple of narrowcasting units. First we tried to use DLNA on our Sony Bravias as this would reduce the cost of the system. We thought that it might be possible to stream the live desktop running our narrowcasting software to the screens. However it soon showed that DLNA hasn't matured enough to be able to do this. We've tried every piece of software available that supported DLNA, but no joy.

After all the hassle with DLNA we decided to go with the simplest solution and use a PC for each screen. After checking out a couple of possibilities we went with the MSI Wind DE220 mini-PC. These beauties fit nicely behind the mounted screen and still have enough power to show a video or two. Also they come with a HDMI port, wireless network adapter, low power consumption and low pricing!

Although I only have 4 setups, I'm still too lazy to get up every day and press the on button. This means that I'll have to automate the boot process. Using Windows Task Scheduler you can get it into hibernation mode. With another task you can have it resume from hibernation mode (I will post more details on this later). I would prefer to do this using the BIOS, but MSI didn't include power scheduling in the BIOS.

After the boot, it'll just sit there idling until you enter the login details. To solve this, you'll have to dive into the registry and set it to login automatically (I will post more details on this later).

Once that's done, there's not much left but to make sure that the computers are secured and that the narrowcasting software is started. I've managed to do this with GPOs. Using the Group Policy Common Scenario templates you can easily lock down a computer even on Windows Vista and 7. The Kiosk GPOs are well suited for the task at hand. Just change the Custom User Interface which you can find at User Configuration > Administrative Templates > System > Custom User Interface. This will prevent Explorer to start and use your application instead.

Now you have a setup that when automatically started, logs in, starts the narrowcasting software, hibernates at a specified time and boots again at the specified time.

If you have questions or remarks, please leave a comment.


Passwords are like underwear

Recently I found this statement on and as I work in a company where I can put things like this on a board, I couldn't resist to create a slightly altered version. We'll just mark it as user education…

Passwords are like underwear

You shouldn't leave them out where people can see them

You shouldn't loan them out to strangers

You should change them regularly

Tagged as: No Comments

Black screen in PowerPoint 2010

When showing a slideshow in PowerPoint 2010 through Remote Desktop, the screen might come up black. By disabling hardware graphics acceleration you can get the slides to show normally. To do this, go to File > Options in PowerPoint and select Advanced. Then check the Disable hardware graphics acceleration option to fix the problem.

Also you can temporarily black the screen by pressing the B button on your keyboard. If white suits your presentation more, you can press the W button on your keyboard.


File name, length and character restrictions for SharePoint

What are the file name restrictions of the document libraries, link lists, etc? It's not really a question that I get regularly, but when it comes up I'll have to look for it as I don't know it from the top of my head. Here's a list of general restrictions.

  • File and folder name lengths can't exceed 128 characters in both WSS 2.0 as WSS 3.0
  • Link list items can't exceed 256 characters
  • The entire path of files can't exceed 260 characters

File and folder name restrictions:

  • Can't be longer than 128 characters
  • Can't use: ~ # % & * { } \ : < > ? / + | "
  • Can't use the period character consecutively in the middle of a file name (blah…blah.docx)
  • Can't use the period character at the end of a file name
  • Can't use the period character at the start of a file name
  • Can't end with:
    • .files
    • _files
    • -Dateien
    • _fichiers
    • _bestanden
    • _file
    • _archivos
    • -filer
    • _tiedostot
    • _pliki
    • _soubory
    • _elemei
    • _ficheiros
    • _arquivos
    • _dosyalar
    • _datoteke
    • _fitxers
    • _failid
    • _fails
    • _bylos
    • _fajlovi
    • _fitxategiak

The same goes for site, subsite and site group names.

There are a couple more restrictions like size, but that's quite dependent on the server configuration. You can check this blog post for more information about that.


Full failover with two Exchange 2010 Servers

Every sysadmin runs into the problem at some time; switching to a newer version of Exchange. Hopefully most of you can migrate to Exchange 2010 within the forest. However sometimes it just makes more sense to setup a new forest with the new version of Exchange, SharePoint, etc. In my case it makes more sense. It takes a lot more work, but in the process I'm able to update all the servers to Windows Server 2008 R2 as well. Having all the servers on the same version of Windows saves me time on management. I'm getting side-tracked! Let's get back to Exchange and the problem at hand: DAG Failover with two Exchange 2010 Servers.

If you haven't read up on the functioning/existence of Database Availability Groups (DAG) and CAS failover of Exchange 2010, you'll probably think that it's a breeze. However that's not the case. The new failover isn't really build on a two server setup. DAG uses Windows' Failover Clustering to provide failover on the Mailbox Database level. This work really well, but comes with one huge disadvantage. Failover Clustering is not compatible with Network Load Balancing (NLB) and NLB is used for failover of the Client Access Server (CAS) role. As an alternative one could use a hardware or software load balancer that load balances TCP/IP traffic, but those don't come cheap, which doesn't really make sense for the smaller shops. But a solution is near!

The solution

After a lot of thinking, discussing and experimenting I came up with a solution. While using the standard Windows Failover Clustering for DAG I can use the Client Access Server Array (


) without NLB for failover of the CAS role. However instead of having NLB switching the active server I'll have to script which server is active. My current default answer for scripting and automation applies here: "Let's PowerShell it!".

First I tried to change the RpcClientAccessServer directly, but that didn't have the right effect. A colleague suggested to use the CAS array and just activate the CAS array IP on the active server. This made a lot of sense as NLB does something similar. So let's go through the steps!

  1. Create a CAS array
    [Powershell]New-ClientAccessArray -Fqdn "name.domain.local" -Site "AD-Site-Name"[/Powershell]
  2. Create the A record in DNS for your newly created CAS array and have it point to an available IP that can be used by both Exchange servers.
  3. Add the CAS array IP on one of the available network adapters of the active server by using the command
    [Powershell]netsh in ip add address "Adapter Name"[/Powershell]

You're not done yet! You can connect an Outlook client to a mailbox. AutoDiscover should now use the CAS array DNS as the connection point. You can check the connection point by right-clicking the Outlook taskbar icon while holding the CTRL button and selecting Connection Status.

If you don't see the right hostname in the server name field, you should check the results of the AutoDiscover. You can use the option Test E-mail AutoConfiguration in the CTRL + right-click menu of Outlook or you can use the website to test you AutoDiscover results. You can use this site to test almost any aspect of your Exchange connectivity. You should get something like the following as a result.

&lt;?xml version="1.0" encoding="utf-8"?&gt;
&lt;Autodiscover xmlns=""&gt;
&lt;Response xmlns=""&gt;


&lt;Server&gt;<span style="background-color: silver;">exchange.domain.local</span>&lt;/Server&gt;
&lt;ServerDN&gt;/o=&lt;domain netbios&gt;/ou=Exchange Administrative Group (FYDIBOHF23SPDLT)/cn=Configuration/cn=Servers/cn=<span style="background-color: silver;">exchange.domain.local</span>&lt;/ServerDN&gt;
&lt;MdbDN&gt;/o=&lt;domain netbios&gt;/ou=Exchange Administrative Group (FYDIBOHF23SPDLT)/cn=Configuration/cn=Servers/cn=<span style="background-color: silver;">exchange.domain.local</span>/cn=Microsoft Private MDB&lt;/MdbDN&gt;


The magic script

Time to implement the PowerShell script. The script will take care of the CAS failover by activating the IP on one of the Exchange 2010 servers. The script uses ping to make sure that the other host is still reachable. I've scripted it to check if it can ping the gateway before doing a CAS failover just to make sure that it's not a network-wide issue. It will also check the database copy status (Get-DatabaseCopyStatus) to make sure that the mailbox database has also done its failover to the host running the script.

There are a couple of variables that you need to set in the script before you can run it properly. There should be enough comments in the script to figure it out, otherwise just leave a comment and I'll be sure to answer! You might also want to change the text of the e-mail that is being send in case of failover.

You can download the script here!

There are a couple of settings that you have to edit in the script to customize it for your environment and preferences. I won't go into this any further as it's quite well explained in the script itself. If you do have questions please comment on this post and I'll get back to you as soon as I can.

$Limit = "10" # Ping fails before failover attempt
$Gateway = "&lt;hostname/IP&gt;" # Gateway of this server
$Hostname = "&lt;hostname/IP&gt;" # Hostname of the other Exchange Server
$LocalHostname = "&lt;hostname/IP&gt;" # Hostname of the local Exchange server
$MailTo = "Name &lt;;" # E-mail address where the failover e-mails will be send to
$MailFrom = "Name &lt;;" # E-mail address shown in the from field
$IP = "&lt;IP&gt;" # Failover IP address that will be added to the server (IP of ClientAccessArray FQDN)

Creating the script account

Create a new domain user and add it to the View-Only Organization Management role using the Exchange Control Panel (ECP). You can access the ECP by going to https://<servername>/ecp/. This however doesn't provide it with permissions to allow remote PowerShell. You can grant the permissions by running

Set-User FailMon -RemotePowerShellEnabled $True on the Exchange Management Shell (EMS).

<img alt="" src="" />

Also add the domain user to the local administrators group to give it the appropriate permissions to run the task on the right level.
<h3>Scheduling the script</h3>
To have the task start, you can use the task scheduler. The script can be fired as much as you like, as it will only spawn one instance.

powershell.exe -command "&amp;{C:\Scripts\FailoverMon.ps1}"

Make sure that, while creating the scheduled task, you select an account with the appropriate permissions on your Exchange organization.

I've set my task to trigger (as shown) on startup with a repeat of every 10 minutes.

If you want to know more on how to schedule a PowerShell script, please check here.


When the tasks are scheduled and running on both the servers you can try a failover by shutting down the server which currently has the CAS array IP address. You should see it failover with the DAG and you should also see that the IP address is added to the other server. The client will get a notification on Outlook that the administrator made changes to the configuration and that Outlook need to restart to work properly.


Failback is still a manual process if you want to failback to the previous server. To do so, you'll have to make sure that the previous server is configured with the CAS array IP address and that the DAG indicates that it's healthy. Then it's just a matter of manually removing the CAS array IP address on the server that doesn't need it anymore. Then it'll automatically detect that it's switched servers and the above dialog is again presented to the client. You can use the following command to remove the IP address from the server.

[Powershell]netsh in ip delete address "Adapter Name"[/Powershell]

Edit: Please note that this setup is not supported by Microsoft.
If you still have questions or when it just doesn't work for you, please let me know by commenting on this post.

Update: The script is available again through this link.


Scheduling PowerShell scripts

Most of the management tasks for desktops and server systems can be done by using PowerShell. However, some of these tasks have to be scheduled on certain events or times. This isn't as straight forward as you might think because you can't just call the script directly. The way described below works for me all the time.

  1. Start Task Scheduler
  2. Select Task Scheduler Library and right-click it
  3. Select Create Task
  4. Define your security options and triggers
  5. On the Actions tab click the New button
  6. You can leave the Action as it is. In the Program/script field enter: powershell.exe
    In the Add arguments field enter: -command "&"{<full path to script }""
    In the Start in field you can enter anything you would like or leave it empty

You can test run the task by right-clicking it and selecting Run. The column Last Run Result will show the outcome.


Excel Error: Windows cannot find “”…

Someone just reported the Excel error below to me. The error happens when an Excel icon is double-clicked while already having an Excel session open.

"Windows cannot find '<doc location'. Make sure you typed the name correctly, and then try again."

This error had me puzzled for a moment until I found the answer on the Microsoft support site here.

Here's a small excerpt of the Microsoft support site:

When you double-click an Excel workbook in Windows Explorer, a dynamic data exchange (DDE) message is sent to Excel, instructing it to open the workbook that you double-clicked.

If the Ignore other applications setting is selected, Excel ignores DDE messages sent to it by other programs. As a result, the DDE message sent to Excel by Windows Explorer is ignored, and Excel does not open the workbook that you double-clicked.

To solve the problem you'll have to uncheck the setting Ignore other application that use Dynamic Data Exchange (DDE) which can be found here:

Microsoft Excel 2010

  1. Click the File tab, and then click Options.
  2. Click Advanced, and then click to clear the Ignore other applications check box in the General area.
  3. Click OK.

Microsoft Office Excel 2007

  1. Click the Microsoft Office Button, and then click Excel Options.
  2. Click Advanced, and then click to clear the Ignore other applications check box in the General area.
  3. Click OK.

Microsoft Office Excel 2003 or earlier versions of Excel

  1. Click Options, on the Tools menu.
  2. Click the General tab.
  3. Click to clear the Ignore other applications check box, and then click OK.

 This error can also occur when Word or Powerpoint is trying to include a part of an open Excel document.


Suppress AutoDiscover dialog in Outlook 2010

When Outlook loses connection, or when using Outlook Anywhere you'll probably see the following dialog box:

Of course you could select the "Don't ask me about this website again" box, but that's only a local override. What you can do, is suppress the window completely by making a registry edit. You'll have to navigate to the HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Outlook\AutoDiscover\RedirectServers key and add your server names as REG_SZ (String Value) leaving the data field empty. You can add as many servers as needed.


Exchange 2010 Remote Powershell

One of the new features of Exchange 2010 is the ability to setup a remote connection to an Exchange 2010 organization without having to install the management tools. However you do have to install the Windows Management Framework Core unless you're on Windows 7 or Windows 2008 R2 where it comes preinstalled. Click here to go to the download page for Windows Management Framework Core.


  • Windows Vista SP1 and higher or Windows 2008 SP1 and higher
  • Windows Management Framework Core which includes:
    • Windows Powershell 2.0
    • WinRM 2.0
  • Permissions to make remote Powershell sessions
  • Exchange 2007 Powershell snapin must be unloaded

To grant remote Powershell session permissions you have to run the following command:

    Set-User -Identity <username> -RemotePowershellEnable $True

To unload the Exchange 2007 Powershell snapin run the following command:

    Remove-PSSnapin Microsoft.Exchange.Management.PowerShell.Admin

Establishing the connection

Let's make a remote connection to our Exchange 2010 organization!

  1. Store the credential in a variable:
    $User = Get-Credential

  2. Store a Powershell session in a variable:
    $Session = New-PSSession -ConfigurationName Microsoft.Exchange -ConnectionUri "http://<servername>/powershell" -Credential $User
  3. Import the server-side Powershell session to the client side one:
    Import-PSSession $Session

    During this step you'll see a progress bar while the Exchange cmdlets are being imported

You now have a working remote Powershell session with your Exchange 2010 organization!

Closing the connection

When you're done with the session you'll have to remove it. To do so, you can run the following command:

    Remove-PSSession $Session

As you can see, the session has been closed. Don't forget to either exit your local Powershell session or remove the $User variable, as this still has the account stored. If you want to remove the variable, use the following command:

    Remove-Variable User


New-MoveRequest Error

While testing the cross-forest migration of a mailbox, I ran into an error.

Microsoft.Exchange.MailboxReplicationService encoutered an exception. Error: MapiExceptionNetworkError: Unable to make connection to the server. (hr=0x80004005, ec=24r23)

This seems to happen when the server is not able to reach the server by using its NetBIOS name. After resolving the DNS issues I was able to run the New-MoveRequest command without any errors.