Mcafee GETSUSP (Stinger V2) free Virus Scan / HIPS

by butsch 27. April 2015 01:13

Bei Virenbefall würde ich auf einzelnen Clients ab sofort das Tool mcafee GETSUSP laufen lassen. Dies zusätzlich zum VSE.

  1. GETSUSP Macht Scan auf GTI-basis (Cloud DB von Mcafee Online) (Manuell kann man auch Binaries uploaden um diese zu analysieren)
  2. Aktiviert (Nicht installiert) eine HIPS (IPS) Firewall welche den Netzwerk traffic überwacht wenn das Tool läuft (Scan Echtzeit Viren und Botnet traffic)
  3. Das Netzwerk HIPS Tool gibt es auch kostenlos fuer das TRAY (RAPTOR) (Dieses kann man einmal starten und ggf. nach dem Reboot aktivieren [Autostart]). Nach Säuberung von clients dieses Tool einige Tage drauf lassen.


Nachteile: Client muss online sein da P2P/GTI/Cloud check der files.

Vorteil: Es gibt eine EPO Version.


Hier kann man Binaries/Files auch online checken:


Mcafee Raptor (Kostenlose HIPS Firewall)


Mcafee GETSUPS (Stinger V2.0)


Upload Files to check online:



HTML Report:







Client Management | Mcafee VSE, EPO, DLP

Apple iPHONE Activesync & Exchange, April 2015 Bugs known

by butsch 22. April 2015 06:00

For people who are forced to integrate Iphone here a list of actual bugs if you use them on Exchange.

Still we personal believe it's the nicest device to Sync on Exchange except Windows Mobile itself.

Hopefully this will change with Windows 10 which will wash away the toys and BYOD hype!

After you read this how can you allow it?


1. Automatic meeting processing

Issue 1.12 - Appointment in Outlook or OWA is missing on iOS device

When a user syncs a mailbox by using an iOS device, the calendar on the device may be missing one or more appointments. These appointments are available when you view the calendar from Outlook or OWA. There may also be duplicate instances of the appointment in the calendar if the appointment is accepted from the device.

This issue is described in the following article in the Microsoft Knowledge Base: 


 Instance of calendar appointment is missing or duplicated on ActiveSync client

Apply the iOS 8.2 update. Apple has documented the issue in the following article from the Apple Knowledge Base:



Issue 1.11 - Known calendaring issues with iOS 8.x and iOS 7.x devices

Users of iOS 7.0.4, iOS 7.1.2, iOS 8.0.1, iOS 8.0.2, and iOS 8.1 devices (these are known collectively as 7.x and 8.x devices) may experience issues in which calendar items may be converted to plain text, may be truncated, or may generate multiple repair update messages. These issues were diagnosed as requiring changes to the iOS implementation of the Microsoft Exchange ActiveSync protocol. 

Apple was made aware of this issue, and customers who experience any of the symptoms that are described here should contact Apple for help.

For more information, see the following articles in the Microsoft Knowledge Base:



Known calendaring issues with iOS 8.x and iOS 7.x devices



Repair update messages received for TimeZoneMatchCheck failures


Issue 1.10 - Meetings that are scheduled for the end of the month do not appear on an iOS device

When a user syncs a mailbox by using an iOS device, and a recurring meeting is scheduled to occur on the 31st of every month, the meeting does not appear on the device for those months that do not have 31 days.


iOS does not honor the 31st-day recurrence pattern in the way that Outlook does. When a month does not have 31 days, Outlook displays the recurring meeting in the calendar on the last day of the month. However, iOS displays only those occurrences that land exactly on the 31st. This behavior also occurs with recurring meetings for the 29th-day and 30th-day recurrence patterns.

Issue 1.9 - An appointment does not update when you use Outlook in cached mode and room mailbox is an attendee

The following conditions cause an appointment not to update on an iOS device:

  • The organizer is using Outlook in cached mode.
  • A room mailbox is listed as an attendee.
  • Calendar processing for the room mailbox is set to AutoAccept.
  • The organizer makes a change to an instance of a recurring meeting.


The client receives multiple responses for this appointment from Exchange. The first response has a later-modified time stamp than the second response that contains the new time for the meeting. The client should always apply the changes from the latest Sync response for an item. The modified time stamp is an optional element and should not be considered authoritative.

The following are examples from the ActiveSync mailbox log for a device:

First log entry

<Exceptions xmlns="Calendar:">









Second log entry

<Exceptions xmlns="Calendar:">








<Email bytes="30"/>

<Name bytes="12"/>





<Email bytes="30"/>

<Name bytes="21"/>









Apply the iOS 8.2 update. Apple has documented this issue in the following article from the Apple Knowledge Base:


If this issue is not resolved by applying the iOS update, customers should remove the calendar from the list of folders to synchronize, wait several minutes, and then add the calendar back to the list of folders to synchronize.

All bugs with older IOS:


Exchange 2010, Certificate stays in PENDING REQUEST after import

by butsch 21. April 2015 23:57

Exchange 2010 / 2013

  1. Your made a Certificate Request in Exchange 2010 GUI or Console and sent to ISP
  2. You received the Response/Answer from your ISP and try to process/Import the answer (Works)
  3. The Certificate shows and stays "Pending Request" ion GUI and also Powershell (does not go away)

A reboot does not solve the problem. A re-import of the answer brings up "Cannot import certificate. A Certificate with the thumbprint * already exists"

Comment Butsch:

This unclear if this happens only with Wildcard Certificates like * or it happens because the "friendly name" used was identical. After the Repair of the Cert the Friendly name is blank. This would lead in that direction.


Solution is to use Certutil to repair the Certstore:

Get the thumbprint for the Certificate (You can't see in Exchange Powershell)

Import the Answer File you received from the ISP/Provider file in Internet Explorer or use any other Certificate viewer.

Shorten the Thumbprint you see under Thumbprint (Just remove spaces)

certutil -repairstore My "7ca6a0c********f802899b9921f50584d8702"

(If you ask: And yes it's "My" there and has to be like that)

Let's take a look at the Certificates again:

Get-exchangecertificate | fl

Now since the other one works remove the "PENDING/Stuck" request above:

Remove-exchangecertificate –thumbprint "F90*******"

Activate the Cert for Services as normal.

Please also see our other KB entries for GUI related Certs errors:



Exchange 2010, Activesync Partnership Fails when user moved to new OU in ADS

by butsch 21. April 2015 06:13



Error message when you try to perform a remote wipe operation for a device in Exchange Server 2010: "The ActiveSyncDevice identity cannot be found"

This is generated do a bug as we see it. The user with an ACTIVE Activesync Partnership HAS been moved to another OU in Active Directory.

This seems logical since a user who leaves the company at once should or may have his mobile remote wiped for legal reasons. However ONCE you have that case once a year this is not working.


To work around this issue, use one of the following methods, as appropriate for your situation.

Method 1: Move the user to the OU where the device was first synchronized

To work around this issue, follow these steps:

  1. Temporarily move the user back to the OU where the device was first synchronized.
  2. Wipe the device.
  3. Move the user to the OU that you want.

Method 2: Rename the user account in AD DS

To work around this issue, follow these steps:

  1. Temporarily rename the account to the original name.
  2. Wipe the device.
  3. Rename the account again.

Method 3: Use the Clear-ActiveSyncDevice cmdlet

To work around this issue, run the Clear-ActiveSyncDevice cmdlet, and use the device distinguished name.


Paul from has a Script which can check if this happens on accounts:

List devices who have the error

$easdevices = @(Get-ActiveSyncDevice)


foreach ($easdevice in $easdevices)


$easdevstats = Get-ActiveSyncDeviceStatistics $easdevice


Write-Host $easdevice.UserDisplayName -NoNewLine


if ($($easdevice.Identity.ToString()) -eq $($easdevstats.Identity.ToString()))


Write-Host -ForegroundColor Green " - IDs match"




Write-Host -ForegroundColor Red " - IDs don't match"

Write-Host -ForegroundColor Yellow $easdevice.Identity

Write-Host -ForegroundColor Yellow $easdevstats.Identity




Activation KMS, 2012R2 with W7 client, Visio/Project, FAQ 2015

by butsch 20. April 2015 22:59

In general: Microsoft again fails to explain short and clear some things like backwards compatibility and Activation of Visio and MS Project.

You can clear see the blogs and also social Technet discussion related to those issues.


I have Server 2008R2 and Windows 7 BUT also new Server 2012R2. I have a Server 2012R2 KMS do I have to add/register the 2008R2/W7 KMS to the new 2012R2 KMS?

No it's backwards down compatible. So the 2012R2 will show the 2008R2 and other KMS but ls the Windows 7 and 8 with the 2012R2 KMS key.

For the Office line you need a separate key and also install "Microsoft Office 2010 KMS Host Licence Pack" on the DOMAIN Controller you run the KMS.


How do i check KMS Status?

Use the batch script below to show all info you need.

Remember that certain products have a minimum of PCS he has too see before he start activation.

Servers = 5

Clients = 25

Office = also some pcs

Before THAT it will show 0 but some received.


Batch Script Check KMS status

@echo off


echo - kontrolliere Office 2010 KMS

echo ------------------------------

slmgr.vbs /dlv bfe7a195-4f8f-4f0b-a622-cf13c7d16864


echo - kontrolliere Server

echo ------------------------

slmgr.vbs /dlv


if not exist c:\edv md c:\edv

cscript c:\windows\system32\slmgr.vbs /DLV all > c:\edv\ksm_lizenzen_%date%.txt

notepad c:\edv\ksm_lizenzen_%date%.txt


How to I migrate a KMS Server

In general the new 2012R2 Domain Controller got up under same name. You remove the DNS info for the KMS. You register the new KMS 2012R2 key on the KMS.

The rest will be re-registered. Since there is a grace period on the servers, clients and office nothing will happen. Just read careful. Also maybe see short:



How to I use Visio and Office in KMS?

It's included in the Office 2010 KMS pack. But by Default out of the BOX Visio install the "PREMIUM" version and if you have another version you may need to change that KMS key.

Do I have to install a KMS key on the KMS Server like in Office 2010?

No, it's already included you can see and read on the download page for the "Office 2010 KMS Host licence Pack"


Pre Deployment keys for use with Software Deployment:



Visio Premium 2010


Visio Professional 2010


Visio Standard 2010




Some external Links we used:



Check also our Links related to KMS: