My friend Ken is an anesthesiologist (and a professional photographer, but I digress.) Last night, we were talking, and I mentioned that I was heading to Boston for a quick trip. He said he was a little envious of my travel schedule, and I told him that there wasn’t really anything to be envious of. Here’s the proof in the form of my day’s schedule:
Reverse number lookup in Office Communicator
As part of my grand unified communications adventure (more on which later), I needed to get reverse number lookup (RNL) working with LCS. RNL is a simple concept: when you get a phone call from extension 1001, you want your computer to identify the caller as John Smith, not as ‘1001’.
Communicator looks up numbers using one of two sources:
- the address book produced by the Address Book Service on the LCS server; this is generated daily from whatever you’ve got in Active Directory.
- contacts in the user’s local Outlook address book (or Windows address book)
When you place a call to a Communicator user, the PBX sends a CSTA message that includes a device identifier, like this:
<deviceIdentifier>tel:1001; phonecontext=pbx.litware.com</deviceIdentifier>
(or maybe <deviceIdentifier> tel:+16175552702;ext=52702</deviceIdentifier>
Communicator will try to match the device identifier against one of the numbers it can see in the address book or the Outlook contact. If it matches, it displays the caller info; if not, you just get the number. You can add this information manually, but the preferred way to do this is to put the callers’ numbers into a multivalued attribute called proxyAddresses. However, we were in somewhat of a hurry. The simplest solution for us was to add the “TEL” URI of the associated extension into the “home” phone number field of each user object. This would more sensibly be done by a script, but for our lab environment, which only has a handful of extensions, it was a quick solution.
Microsoft Unified Communications team blog
I’m a huge fan of the Exchange team’s blog because it includes a wealth of technical information that you can’t find anywhere else. They don’t waste a lot of time with marketing fluff, and the folks who post there run the gamut from product support to developers to product managers. The Unified Communications Group at MS recently launched their own blog, which I hope will live up to the same standard.
Comments Off on Microsoft Unified Communications team blog
Filed under UC&C
Exchange Migration Solution Accelerator wins Readers’ Choice award
Since I’m used to seeing my byline in print magazines, I don’t usually get too excited about it. However, I was surprised (and pleased!) to see that the Solution Accelerator for Exchange Consolidation and Migration won an Honorable Mention in Windows IT Pro‘s Readers’ Choice awards. This is especially cool because it was a write-in nomination! Missy Koslosky, Devin Ganger, and I worked really, really hard on this guide, and it’s great to see that it’s been useful to people.
Comments Off on Exchange Migration Solution Accelerator wins Readers’ Choice award
Filed under UC&C
Scheduling the Managed Folder Assistant
Argh. This bit me, even though I knew better. I set up a managed custom folder, created a folder policy for it, and waited patiently for the folder to appear in a user mailbox. It didn’t. Why? Because I hadn’t set a schedule for the managed folder assistant, that’s why. Fortunately, a quick run of start-ManagedFolderAssistant solved the problem.
Comments Off on Scheduling the Managed Folder Assistant
Filed under UC&C
How to remove MSI files in safe mode
I was trying to install an antivirus program on my Parallels VM, and when the install finished I found that my VM was unbootable.
The answer: re-enable the Windows Installer service as detailed here. I was then able to remove the misbehaving AV program and get back to normal.
Comments Off on How to remove MSI files in safe mode
Filed under General Tech Stuff
Security update numbers, apples to apples
Ed posted comparing IBM and Microsoft’s security update records. He missed a few important details, though that’s understandable given that he’s not a security dude. Just to set the record straight, though, I wanted to point out something that security folks learn pretty quickly: simplistic comparisons that claim that “vendor X has better security than vendor Y based on patches” are worthless. Any time you see one, there are some hard questions you should be asking.
First, what products are included? We don’t know what criteria McAfee used to make their pretty graphs. Did they include Office updates? Updates for Windows 2000 before it went EOL? Windows Media Player? Who knows? Reputable researchers and vendors will always include their source data; if you don’t see it, you should be wary.
Second, what basis of comparison is being used? Most broad-based comparisons of vendors are flawed because they mix dissimilar items, usually applications and OSes. You can say “Microsoft had to issue more patches than IBM”, but that’s meaningless unless you’re talking about specific products. A more interesting question would be to ask something like “Who had more patches to install: an Exchange 2003 admin on Windows 2003, or a Lotus Domino 6.5 admin on RHEL?” Well, according to Secunia, the numbers break down like this:
- 8 patches for Exchange 2003 + 100 patches for Windows Server 2003 Standard, versus
- 22 patches for Domino 6.5 + 212 patches for Red Hat Enterprise Server 4
All of a sudden the comparison doesn’t favor IBM quite so much! A more proper comparison might leave the operating system out of it (after all, there are more Notes seats on Windows than on Linux), but even then there’s still room for argument: Secunia doesn’t break down Domino R6 vs 6.5, so the vuln count of 22 may include some items that aren’t relevant.
Third, counting patches alone leaves out some important dimensions. It’s like counting the money in your wallet by counting bills and ignoring denominations– would you rather have 10 $1 bills or 1 $100? Other factors to evaluate include the severity of the vulnerability and how long between its emergence (or disclosure) before the vendor gets a patch out– the so-called “days of risk” model.
Fourth, not all vendors tell the truth. More kindly, not all vendors tell the whole truth and nothing but. For example, IBM doesn’t include severity ratings on its security page, so you can’t judge the severity of a reported vuln unless you’re already pretty knowledgeable. Oracle is flat-out dishonest in some of its security patch release notes. When you’re comparing vendor security, you should include the nature, frequency, and accuracy of their security-related disclosures and communications.
Filed under Security
TiVo alert: “Wench Swap”
Arrr! Avast, ye scurvy dogs! Make ready the TiVo! In honor of National Talk Like a Pirate Day (19 September!), I’m happy to report that ABC’s “Wife Swap” is doing a special pirate-themed episode the day before. Normally I avoid reality TV like the black spot, but I’ll make an exception in this case.
Filed under General Stuff
15 years, podna!
Yes, it’s true: 15 years ago today, Arlene and I were in Atlanta getting ready to get married. It’s hard to believe so much time has passed! Since then we’ve moved from Atlanta to Huntsville to Perrysburg, had three sons, gone to a lot of fascinating places together, and– most importantly– grown in our love for one another.
So, a big shout out on the off chance she’s reading this: I am so very thankful to have you for my wife. Every day I thank God for sending you to me, and I look forward to many more years together. I love you, and I always will. (And I promise never to introduce you as my first wife, like John does.)
Comments Off on 15 years, podna!
Filed under Friends & Family
Fun facts about Bruce Schneier
For the security-minded: get the truth about Bruce Schneier, popular crypto-pundit.
Filed under Security
EMC helps customers get off Lotus Notes/Domino
Cool! EMC (perhaps you’ve heard of them?) is launching an expanded service offering to help their customers migrate applications and data from Lotus’ collaboration platform to Microsoft’s stack. If I get time, I’ll watch their webcast and see what’s what.
Jason Mayans blogs on “smart scheduling”
Jason Mayans, one of the Exchange 2007 team’s product managers, has a new blog in which he discusses (among other things) how the new calendaring and scheduling features in Exchange 2007 came to be. It makes for interesting reading.
Comments Off on Jason Mayans blogs on “smart scheduling”
Filed under UC&C
Exchange storage and compaction
As Ed pointed out, Jack Dausman has a couple of articles about Exchange storage, and I finally have cycles to respond.
First, I find it a little sad that there’s so much effort being expended to help Chris Bordeleau tune his Domino server in the absence of any real data. Where are Domino’s performance monitoring and load testing tools? Are there no equivalents to jetstress and loadsim? Surely if Chris could post some actual performance data values the folks at Ed’s place would be able to help him out more directly.
Now, on to Jack’s postings. The Storage Magazine article he cites is, sad to say, old news to experienced Exchange administrators: using an archiving tool against Exchange won’t shrink the database unless you compact it. There are relatively few reasons why you’d actually do a compaction in practice, though:
- you move a lot of mailboxes from one database to another, thus reducing the amount of data needed for the source database
- you do a first run of an archiving / vaulting tool that removes a significant amount of message data
- you’re running so low on disk space that you need to reclaim white space, even though you know the store will grow again.
You certainly don’t need to run a tool like GOexchange regularly, as I’ve said before. Most sites don’t ever need to run it at all; after all, there are very few companies where the amount of stored e-mail is shrinking (don’t I wish!)
As to a couple of Jack’s other points:
- He says that Domino supports larger mail files than other systems. I think we’re having a semantic disconnect here: Exchange supports very, very large mailbox databases, but it’s uncommon to see individual mailboxes much larger than 6 GB or so. That’s not because of any hard-coded limit; it’s mostly because of poor client performance with older versions of Outlook. The big killer here is actually the number of items, not the mailbox size.
- He mentions turning off transactional logging to increase performance on Domino servers. Exchange doesn’t let you turn off transaction logging for the simple reason that it’s a key DR capability. I’m not sure under what circumstances it would make sense to trade off a small speed boost for degrading your DR capability.
Jack and Charles Robinson represent (IMHO) the best of the Domino community: they deal in technical discussions, not infantile bashing, and they understand their chosen products well enough to have intelligent discussions about them.
Comments Off on Exchange storage and compaction
Filed under UC&C
Ridiculous Sametime limitation
At first I thought this was a joke, but apparently not: Sametime doesn’t support LDAP paging, so in very large Active Directory environments IBM tells you to increase the result page size on your servers. Haven’t they ever heard of LDAP paging?
LCS 2005 courseware online
I had this flagged for blogging, and now that I’m back from vacation, I’m finally getting around to clearing out some of my queue! Anyway, Neil pointed out that Microsoft has released the Microsoft Official Curriculum (MOC) courseware for their LCS 2005 course, 7034A: Implementing Microsoft Office Live Communications Server 2005 SP1. If you’re interested in learning more about LCS, this is a good no-cost way to get an in-depth look at how it works and how to set up and manage it.
Comments Off on LCS 2005 courseware online
Filed under UC&C
Paul's Down-Home Page 