Apple iPHONE Activesync & Exchange, April 2015 Bugs known

by butsch 22. April 2015 06:00

For people who are forced to integrate Iphone here a list of actual bugs if you use them on Exchange.

Still we personal believe it's the nicest device to Sync on Exchange except Windows Mobile itself.

Hopefully this will change with Windows 10 which will wash away the toys and BYOD hype!

After you read this how can you allow it?

 

1. Automatic meeting processing

Issue 1.12 - Appointment in Outlook or OWA is missing on iOS device

When a user syncs a mailbox by using an iOS device, the calendar on the device may be missing one or more appointments. These appointments are available when you view the calendar from Outlook or OWA. There may also be duplicate instances of the appointment in the calendar if the appointment is accepted from the device.

This issue is described in the following article in the Microsoft Knowledge Base: 
3012590

(http://support.microsoft.com/kb/3012590)

 Instance of calendar appointment is missing or duplicated on ActiveSync client

Solution:
Apply the iOS 8.2 update. Apple has documented the issue in the following article from the Apple Knowledge Base:

https://support.apple.com/kb/DL1794?locale=en_US&viewlocale=en_US

(https://support.apple.com/kb/DL1794?locale=en_US&viewlocale=en_US)

 

Issue 1.11 - Known calendaring issues with iOS 8.x and iOS 7.x devices

Users of iOS 7.0.4, iOS 7.1.2, iOS 8.0.1, iOS 8.0.2, and iOS 8.1 devices (these are known collectively as 7.x and 8.x devices) may experience issues in which calendar items may be converted to plain text, may be truncated, or may generate multiple repair update messages. These issues were diagnosed as requiring changes to the iOS implementation of the Microsoft Exchange ActiveSync protocol. 

Apple was made aware of this issue, and customers who experience any of the symptoms that are described here should contact Apple for help.

For more information, see the following articles in the Microsoft Knowledge Base:

3015401

(http://support.microsoft.com/kb/3015401)

Known calendaring issues with iOS 8.x and iOS 7.x devices

3019798

(http://support.microsoft.com/kb/3019798)

Repair update messages received for TimeZoneMatchCheck failures

 

Issue 1.10 - Meetings that are scheduled for the end of the month do not appear on an iOS device

When a user syncs a mailbox by using an iOS device, and a recurring meeting is scheduled to occur on the 31st of every month, the meeting does not appear on the device for those months that do not have 31 days.

Cause

iOS does not honor the 31st-day recurrence pattern in the way that Outlook does. When a month does not have 31 days, Outlook displays the recurring meeting in the calendar on the last day of the month. However, iOS displays only those occurrences that land exactly on the 31st. This behavior also occurs with recurring meetings for the 29th-day and 30th-day recurrence patterns.

Issue 1.9 - An appointment does not update when you use Outlook in cached mode and room mailbox is an attendee

The following conditions cause an appointment not to update on an iOS device:

  • The organizer is using Outlook in cached mode.
  • A room mailbox is listed as an attendee.
  • Calendar processing for the room mailbox is set to AutoAccept.
  • The organizer makes a change to an instance of a recurring meeting.

Cause

The client receives multiple responses for this appointment from Exchange. The first response has a later-modified time stamp than the second response that contains the new time for the meeting. The client should always apply the changes from the latest Sync response for an item. The modified time stamp is an optional element and should not be considered authoritative.

The following are examples from the ActiveSync mailbox log for a device:

First log entry

<Exceptions xmlns="Calendar:">

<Exception>

<DtStamp>20131112T184410Z</DtStamp>

<StartTime>20131128T170000Z</StartTime>

<EndTime>20131128T180000Z</EndTime>

<ExceptionStartTime>20131128T170000Z</ExceptionStartTime>

<MeetingStatus>1</MeetingStatus>

</Exception>

</Exceptions>


Second log entry

<Exceptions xmlns="Calendar:">

<Exception>

<DtStamp>20131112T184334Z</DtStamp>

<StartTime>20131128T190000Z</StartTime>

<EndTime>20131128T200000Z</EndTime>

<ExceptionStartTime>20131128T170000Z</ExceptionStartTime>

<Attendees>

<Attendee>

<Email bytes="30"/>

<Name bytes="12"/>

<AttendeeStatus>0</AttendeeStatus>

<AttendeeType>1</AttendeeType>

</Attendee>

<Attendee>

<Email bytes="30"/>

<Name bytes="21"/>

<AttendeeStatus>0</AttendeeStatus>

<AttendeeType>3</AttendeeType>

</Attendee>

</Attendees>

<MeetingStatus>1</MeetingStatus>

</Exception>

</Exceptions>


Solution

Apply the iOS 8.2 update. Apple has documented this issue in the following article from the Apple Knowledge Base:

https://support.apple.com/kb/DL1794?locale=en_US&viewlocale=en_US

(https://support.apple.com/kb/DL1794?locale=en_US&viewlocale=en_US)



If this issue is not resolved by applying the iOS update, customers should remove the calendar from the list of folders to synchronize, wait several minutes, and then add the calendar back to the list of folders to synchronize.

All bugs with older IOS:

https://support.microsoft.com/en-us/kb/2563324

Tags:

Exchange 2010, Certificate stays in PENDING REQUEST after import

by butsch 21. April 2015 23:57

Exchange 2010 / 2013

  1. Your made a Certificate Request in Exchange 2010 GUI or Console and sent to ISP
  2. You received the Response/Answer from your ISP and try to process/Import the answer (Works)
  3. The Certificate shows and stays "Pending Request" ion GUI and also Powershell (does not go away)

A reboot does not solve the problem. A re-import of the answer brings up "Cannot import certificate. A Certificate with the thumbprint * already exists"

Comment Butsch:

This unclear if this happens only with Wildcard Certificates like *.customer.ch or it happens because the "friendly name" used was identical. After the Repair of the Cert the Friendly name is blank. This would lead in that direction.

 

Solution is to use Certutil to repair the Certstore:

Get the thumbprint for the Certificate (You can't see in Exchange Powershell)

Import the Answer File you received from the ISP/Provider file in Internet Explorer or use any other Certificate viewer.

Shorten the Thumbprint you see under Thumbprint (Just remove spaces)

certutil -repairstore My "7ca6a0c********f802899b9921f50584d8702"

(If you ask: And yes it's "My" there and has to be like that)

Let's take a look at the Certificates again:

Get-exchangecertificate | fl

Now since the other one works remove the "PENDING/Stuck" request above:

Remove-exchangecertificate –thumbprint "F90*******"

Activate the Cert for Services as normal.

Please also see our other KB entries for GUI related Certs errors:

http://www.butsch.ch/post/The-certificate-is-invalid-for-exchange-server-usage-Exchange-2010-SANUC.aspx

 

Tags:

Exchange 2010, Activesync Partnership Fails when user moved to new OU in ADS

by butsch 21. April 2015 06:13

 

Error:

Error message when you try to perform a remote wipe operation for a device in Exchange Server 2010: "The ActiveSyncDevice identity cannot be found"

This is generated do a bug as we see it. The user with an ACTIVE Activesync Partnership HAS been moved to another OU in Active Directory.

This seems logical since a user who leaves the company at once should or may have his mobile remote wiped for legal reasons. However ONCE you have that case once a year this is not working.

KB MS:

https://support.microsoft.com/en-us/kb/2721428

To work around this issue, use one of the following methods, as appropriate for your situation.

Method 1: Move the user to the OU where the device was first synchronized

To work around this issue, follow these steps:

  1. Temporarily move the user back to the OU where the device was first synchronized.
  2. Wipe the device.
  3. Move the user to the OU that you want.


Method 2: Rename the user account in AD DS

To work around this issue, follow these steps:

  1. Temporarily rename the account to the original name.
  2. Wipe the device.
  3. Rename the account again.


Method 3: Use the Clear-ActiveSyncDevice cmdlet

To work around this issue, run the Clear-ActiveSyncDevice cmdlet, and use the device distinguished name.

https://social.technet.microsoft.com/Forums/exchange/en-US/d2bde27e-7bb0-4440-9bdb-c2fd8bd1dfcf/activesync-problem-cant-remote-wipe-because-of-different-identities?forum=exchangesvrmobilitylegacy

 

Paul from ExchangeServerpro.com has a Script which can check if this happens on accounts:

http://exchangeserverpro.com/exchange-2010-error-activesyncdevice-cannot-be-found-remote-wipe/

List devices who have the error

$easdevices = @(Get-ActiveSyncDevice)

 

foreach ($easdevice in $easdevices)

{

$easdevstats = Get-ActiveSyncDeviceStatistics $easdevice

 

Write-Host $easdevice.UserDisplayName -NoNewLine

 

if ($($easdevice.Identity.ToString()) -eq $($easdevstats.Identity.ToString()))

{

Write-Host -ForegroundColor Green " - IDs match"

}

else

{

Write-Host -ForegroundColor Red " - IDs don't match"

Write-Host -ForegroundColor Yellow $easdevice.Identity

Write-Host -ForegroundColor Yellow $easdevstats.Identity

}

}

Tags:

Activation KMS, 2012R2 with W7 client, Visio/Project, FAQ 2015

by butsch 20. April 2015 22:59

In general: Microsoft again fails to explain short and clear some things like backwards compatibility and Activation of Visio and MS Project.

You can clear see the blogs and also social Technet discussion related to those issues.

 

I have Server 2008R2 and Windows 7 BUT also new Server 2012R2. I have a Server 2012R2 KMS do I have to add/register the 2008R2/W7 KMS to the new 2012R2 KMS?

No it's backwards down compatible. So the 2012R2 will show the 2008R2 and other KMS but ls the Windows 7 and 8 with the 2012R2 KMS key.

For the Office line you need a separate key and also install "Microsoft Office 2010 KMS Host Licence Pack" on the DOMAIN Controller you run the KMS.

http://www.microsoft.com/en-us/download/details.aspx?displaylang=en&id=25095

 

How do i check KMS Status?

Use the batch script below to show all info you need.

Remember that certain products have a minimum of PCS he has too see before he start activation.

Servers = 5

Clients = 25

Office = also some pcs

Before THAT it will show 0 but some received.

 

Batch Script Check KMS status

@echo off

cls

echo - kontrolliere Office 2010 KMS

echo ------------------------------

slmgr.vbs /dlv bfe7a195-4f8f-4f0b-a622-cf13c7d16864

 

echo - kontrolliere Server

echo ------------------------

slmgr.vbs /dlv

 

if not exist c:\edv md c:\edv

cscript c:\windows\system32\slmgr.vbs /DLV all > c:\edv\ksm_lizenzen_%date%.txt

notepad c:\edv\ksm_lizenzen_%date%.txt

 

How to I migrate a KMS Server

https://technet.microsoft.com/de-de/library/ff923247(v=office.14).aspx

In general the new 2012R2 Domain Controller got up under same name. You remove the DNS info for the KMS. You register the new KMS 2012R2 key on the KMS.

The rest will be re-registered. Since there is a grace period on the servers, clients and office nothing will happen. Just read careful. Also maybe see short:

http://www.butsch.ch/post/Setup-of-KMS-server-in-Enterprise-an-several-unwanted-KMS-DNS-Entrys.aspx

 

 

How to I use Visio and Office in KMS?

It's included in the Office 2010 KMS pack. But by Default out of the BOX Visio install the "PREMIUM" version and if you have another version you may need to change that KMS key.

Do I have to install a KMS key on the KMS Server like in Office 2010?

No, it's already included you can see and read on the download page for the "Office 2010 KMS Host licence Pack"

 

http://www.microsoft.com/en-us/download/details.aspx?displaylang=en&id=25095

http://blogs.msdn.com/b/visio/archive/2010/07/28/volume-activation-for-visio-2010-explained.aspx

 

Pre Deployment keys for use with Software Deployment:

SKU

Key

Visio Premium 2010

D9DWC-HPYVV-JGF4P-BTWQB-WX8BJ

Visio Professional 2010

7MCW8-VRQVK-G677T-PDJCM-Q8TCP

Visio Standard 2010

767HD-QGMWX-8QTDB-9G3R2-KHFGJ

 

 

Some external Links we used:

https://social.technet.microsoft.com/Forums/office/en-US/ea058f31-b7a7-4ce5-bcae-3f8ba0c0d4fd/how-to-add-kms-for-visio-2010?forum=visiogeneral

https://social.technet.microsoft.com/Forums/windowsserver/en-US/7f5e6118-3d35-4a54-8856-050bcee4cf52/setup-a-kms-server-on-windows-server-2008-r2?forum=winserversetup

http://www.server-talk.eu/2013/01/28/key-management-service-kms-mit-windows-server-2012/

 

 

Check also our Links related to KMS:

http://www.butsch.ch/post/Office-2010-APPV-MAK-oder-KMS-Server-Product-Activation.aspx

http://www.butsch.ch/post/Setup-of-KMS-server-in-Enterprise-an-several-unwanted-KMS-DNS-Entrys.aspx

http://www.butsch.ch/post/KMS-Activation-failed-with-Server-2008R2-SP1-or-Windows-7-SP1.aspx

 

 

Tags:

NIC Intel(R) Ethernet Connection I217-LM Deployment Driver

by butsch 16. April 2015 01:27

Intel(R) Ethernet Connection I217-LM Deployment problems

HP Zbook, Probook 650G1 (See below for full range info)

 

OS Deployment problems with Intel NIC i217-V (I217V) under Windows 7 64BIT and different Deployment Software Like Frontrange-Enteo, SCCM, Symantec and also with Windows Deployment.

Main problem is that the Windows PE 3.X that most Deployment solutions use accepts a less DEVICEID (A shorter). Also the NIC somehow seems to have timing problems and just behaves different than others during unattended setup.

 

Your Windows PE will work with any driver DeviceID:

PCI\VEN_8086&DEV_153B

But the Windows 7 Setup that your Deployment does need is more specific driver and checks behind that base DeviceID:

PCI\VEN_8086&DEV_153B&SUBSYS_00008086 (Sample)




06.09.2013, 12.8.33.9427 < GEHT NICHT
06.06.2014, 12.11.77.2 < GEHT NICHT
31.07.2014, 12.12.50.7205 (
REV: A PASS: 4
) < GEHT von HP Carepaq, sp68420

Check! VERSION: 12.12.50.7205 REV: A PASS: 4

ftp://ftp.hp.com/pub/softpaq/sp68001-68500/sp68420.html

 

Screenshot shows Driver 12.8.33 from original HP factory setup W7 64BIT which DOES not work for Deployment.


The HP Factory NIC Setup shows following Device-ID (W7 64BIT) which does not work for deployment

NIC

PCI\VEN_8086&DEV_153B&REV_04

PCI\VEN_8086&DEV_153B

PCI\VEN_8086&CC_020000

PCI\VEN_8086&CC_0200

PCI\VEN_8086

PCI\CC_020000

PCI\CC_0200

 

Errors your will see in c:\windows\panther with wrong driver (No NIC in OS phase / Not Windows PE)

Setuperr.log

»¿2015-04-15 09:57:35, Error [DJOIN.EXE] Unattended Join: NetJoinDomain failed error code is [1355]

2015-04-15 09:57:35, Error [DJOIN.EXE] Unattended Join: DsGetDcName test failed: 0x54b, last error is 0x0, breaking if debugger attached...

2015-04-15 09:57:35, Error [DJOIN.EXE] Unattended Join: Unable to join; gdwError = 0x54b

 

DSJOIN error in Logfiles (C:\Windows\Panther\UnattendGC\UnattendedJoinDCLocator.etl)

2015-04-15 09:50:34, Warning [DJOIN.EXE] Unattended Join: DsGetDcName failed: 0x54b, last error is 0x0, will retry in 5 seconds...

2015-04-15 09:50:39, Warning [DJOIN.EXE] Unattended Join: DsGetDcName failed: 0x54b, last error is 0x0, will retry in 5 seconds...

2015-04-15 09:50:44, Warning [DJOIN.EXE

 

 

Working Driver, 07/31/2014,12.12.50.7205

 

You need the INF file with the three DeviceID:

%E153BNC.DeviceDesc% = E153B.6.1.1, PCI\VEN_8086&DEV_153B

%E153BNC.DeviceDesc% = E153B.6.1.1, PCI\VEN_8086&DEV_153B&SUBSYS_00008086

%E153BNC.DeviceDesc% = E153B.6.1.1, PCI\VEN_8086&DEV_153B&SUBSYS_00011179

 

Extract File: e1d62x64.inf (Working Driver which should work for the PHASE after Windows PE Format/Copies the Disk with your deployment. {Unattended phase}) (NOT Windows PE)

[Version]

Signature = "$Windows NT$"

Class = Net

ClassGUID = {4d36e972-e325-11ce-bfc1-08002be10318}

Provider = %Intel%

CatalogFile = e1d62x64.cat

DriverVer = 07/31/2014,12.12.50.7205

 

 

[Manufacturer]

%Intel% = Intel, NTamd64.6.1, NTamd64.6.1.1, NTamd64.6.2

 

[ControlFlags]

ExcludeFromSelect = \

PCI\VEN_8086&DEV_153A,\

PCI\VEN_8086&DEV_153B

 

[Intel]

 

[Intel.NTamd64.6.1.1]

; DisplayName Section DeviceID

; ----------- ------- --------

%E153ANC.DeviceDesc% = E153A.6.1.1, PCI\VEN_8086&DEV_153A

%E153ANC.DeviceDesc% = E153A.6.1.1, PCI\VEN_8086&DEV_153A&SUBSYS_00008086

%E153ANC.DeviceDesc% = E153A.6.1.1, PCI\VEN_8086&DEV_153A&SUBSYS_00011179

%E153BNC.DeviceDesc% = E153B.6.1.1, PCI\VEN_8086&DEV_153B

%E153BNC.DeviceDesc% = E153B.6.1.1, PCI\VEN_8086&DEV_153B&SUBSYS_00008086

%E153BNC.DeviceDesc% = E153B.6.1.1, PCI\VEN_8086&DEV_153B&SUBSYS_00011179

%E155ANC.DeviceDesc% = E155A.6.1.1, PCI\VEN_8086&DEV_155A

%E155ANC.DeviceDesc% = E155A.6.1.1, PCI\VEN_8086&DEV_155A&SUBSYS_00008086

%E155ANC.DeviceDesc% = E155A.6.1.1, PCI\VEN_8086&DEV_155A&SUBSYS_00011179

%E1559NC.DeviceDesc% = E1559.6.1.1, PCI\VEN_8086&DEV_1559

%E1559NC.DeviceDesc% = E1559.6.1.1, PCI\VEN_8086&DEV_1559&SUBSYS_00008086

%E1559NC.DeviceDesc% = E1559.6.1.1, PCI\VEN_8086&DEV_1559&SUBSYS_00011179

%E15A0NC.DeviceDesc% = E15A0.6.1.1, PCI\VEN_8086&DEV_15A0

%E15A0NC.DeviceDesc% = E15A0.6.1.1, PCI\VEN_8086&DEV_15A0&SUBSYS_00008086

%E15A1NC.DeviceDesc% = E15A1.6.1.1, PCI\VEN_8086&DEV_15A1

%E15A1NC.DeviceDesc% = E15A1.6.1.1, PCI\VEN_8086&DEV_15A1&SUBSYS_00008086

%E15A2NC.DeviceDesc% = E15A2.6.1.1, PCI\VEN_8086&DEV_15A2

 

Device ID from working I217V for Deployment Driver, 12.12.50.7205, 2014, HP Softpaq68420

PCI\VEN_8086&DEV_153A;PCI\VEN_8086&DEV_153A&SUBSYS _00008086;PCI\VEN_8086&DEV_153A&SUBSYS_00011179;PC I\VEN_8086&DEV_153A&SUBSYS_1909103C;PCI\VEN_8086&D EV_153A&SUBSYS_190A103C;PCI\VEN_8086&DEV_153A&SUBS YS_2253103C;PCI\VEN_8086&DEV_153A&SUBSYS_2255103C; PCI\VEN_8086&DEV_153B;PCI\VEN_8086&DEV_153B&SUBSYS _00008086;PCI\VEN_8086&DEV_153B&SUBSYS_00011179;PC I\VEN_8086&DEV_1559;PCI\VEN_8086&DEV_1559&SUBSYS_0 0008086;PCI\VEN_8086&DEV_1559&SUBSYS_00011179;PCI\ VEN_8086&DEV_155A;PCI\VEN_8086&DEV_155A&SUBSYS_000 08086;PCI\VEN_8086&DEV_155A&SUBSYS_00011179;PCI\VE N_8086&DEV_155A&SUBSYS_198F103C;PCI\VEN_8086&DEV_1 55A&SUBSYS_1991103C;PCI\VEN_8086&DEV_155A&SUBSYS_1 993103C;PCI\VEN_8086&DEV_155A&SUBSYS_2101103C;PCI\ VEN_8086&DEV_155A&SUBSYS_213E103C;PCI\VEN_8086&DEV _15A0;PCI\VEN_8086&DEV_15A0&SUBSYS_00008086;PCI\VE N_8086&DEV_15A1;PCI\VEN_8086&DEV_15A1&SUBSYS_00008 086;PCI\VEN_8086&DEV_15A2;PCI\VEN_8086&DEV_15A2&SU BSYS_00008086;PCI\VEN_8086&DEV_15A2&SUBSYS_0001117 9;PCI\VEN_8086&DEV_15A2&SUBSYS_2216103C;PCI\VEN_80 86&DEV_15A2&SUBSYS_221B103C;PCI\VEN_8086&DEV_15A2& SUBSYS_225A103C;PCI\VEN_8086&DEV_15A2&SUBSYS_22701 03C;PCI\VEN_8086&DEV_15A2&SUBSYS_2271103C;PCI\VEN_ 8086&DEV_15A2&SUBSYS_22DA103C;PCI\VEN_8086&DEV_15A 2&SUBSYS_22FB103C;PCI\VEN_8086&DEV_15A3;PCI\VEN_80 86&DEV_15A3&SUBSYS_00008086;PCI\VEN_8086&DEV_15A3& SUBSYS_00011179

 

 

INF file HP CVA / Softpaq 68420 Infos

TITLE: Intel I217LM/V and I218LM Gigabit Ethernet Driver

VERSION: 12.12.50.7205 REV: A PASS: 4
DESCRIPTION:
This package contains the driver installation package for the Intel I217LM/V and
I218LM This build has post-beta drivers that are Intel-Signed Gigabit Ethernet
Controller in the supported notebook models and operating systems.

PURPOSE: Routine
SOFTPAQ FILE NAME: SP68420.exe
SOFTPAQ MD5: a369c6b348bb54a453afae2435f988a3
SUPERSEDES: SP67164
EFFECTIVE DATE: August 26, 2014
CATEGORY: Driver-Network
SSM SUPPORTED: Yes

PRODUCT TYPE(S):
Notebooks

HARDWARE PRODUCT MODEL(S):
HP ZBook 17 G2 Mobile Workstation
HP ZBook 17 Mobile Workstation
HP EliteBook Folio 9480m Notebook PC
HP EliteBook Folio 1040 G1 Notebook PC
HP EliteBook 840 G1 Notebook PC
HP ZBook 14 Mobile Workstation
HP EliteBook 740 G1 Notebook PC
HP EliteBook 850 G1 Notebook PC
HP EliteBook 750 G1 Notebook PC
HP ZBook 15 G2 Mobile Workstation
HP ProBook 640 G1 Notebook PC
HP ProBook 650 G1 Notebook PC
HP ZBook 15 Mobile Workstation

 

Links:

http://www.symantec.com/connect/forums/ghost-loop

https://downloadcenter.intel.com/search?keyword=Intel%28R%29+Ethernet+Connection+I217-V

http://serverfault.com/questions/649507/mdt-deployment-issue-driver-not-loading-i217-lm-on-mdt

https://communities.intel.com/thread/43218

http://forum.enteo.com/showthread.php?t=15396&page=2

ftp://ftp.hp.com/pub/softpaq/sp68001-68500/sp68420.html

 

 

 


 

Tags:

Deployment | Frontrange Enteo V6/7 | Microsoft SCCM 2007