Internet Explorer 10 / 11 IE Warnung, GPO, Gruppenrichtlinien, Group Policy

by butsch 26. May 2015 23:35

Internet Explorer 10 / 11 IE Warnung, GPO, Gruppenrichtlinien, Group Policy

Error or PUP UP in IE10/IE11


Sie sind im Begriff, sich Seiten über eine sichere Verbindung anzeigen zu lassen. Keine Information, die Sie mit dieser Seite austauschen, kann von anderen Personen im Web gesehen werden.


You are about to view pages over a secure connection.


This seems not be possible with GPO or within an ADM/X from MS. You need to deploy a HKCU key.

Change this key from 1 > 0 per USER (HKCU)

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings









Integrate that into a GPO




Make sure you have a WMI filter so you only catch IE11 on clients:


See our Blog for infos on how to do that







Client Management | Deployment | Hotfixes / Updates

Exchange 2010 SP3 RU9 / 2013 CU8, ROLLUP and Android problems

by butsch 26. May 2015 02:16

A remote mailbox user receives the following error message when he or she tries to configure Exchange Active Sync account on an Android device:

Setup could not finish

Failed to search Exchange server automatically. Enter settings manually


If the MobileSyncRedirectBypass feature is causing the problem, you can turn it off by editing the web.config file for the Autodiscover protocol:

  1. Locate the web.config file for the Autodiscover protocol:
    1. For Exchange Server 2013 MBX, the file is in the following location:


    2. For Exchange Server 2010 CAS, the file is in the following location:


  2. Open the web.config in Notepad, and then change the existing string from "true" to "false."
  3. Save the file.
  4. Run IISRESET /Norecycle.

Follow these steps on all CAS servers that will receive Autodiscover queries from devices.


Exchange 2010 | Exchange 2013 | Microsoft Exchange | WSUS

Patchday May 2015, Windows Update 3020369 W7 stuck at stage 3 of 3

by butsch 18. May 2015 01:06

Patchday May 2015, Windows Update 3020369 W7 stuck at stage 3 of 3

Following of the four Mai/May 2015 Windows Updates from Patchday could get your Windows 7/8.x both 32BIT and 64BIT or Server 2008 R2 stuck at the stage "stage 3 of 3" Preparing to configure Windows. Do not turn off your computer.

 We think on Windows 7 64BIT this is caused by KB 3020369 which was reported false by some blogs as KB 3020269. This was an intermin patch released on 22.04.2014 (Between Avril and May Patchday intermin)

This seems related or narrowed down to those four Updates together with the May 2015 updates.

KB 3020369 (reported wrong by some blogs and copied 1:1 to other blogs 3020269 ;-)) (Read only DC)

On Server 2008 R2 this is the patch causing problems.


KB 3020370 > MAY 2015

KB 3045645 > MAY 2015

KB 3013531 (Windows Phone update .MKV Files)


May 2015 patches:



Microsoft 3020369

Restart stuck on "Stage 3 of 3"

After you install update 3020369 together with other updates, a restart may be required to complete the installation. During this restart, you may find yourself stuck on "Stage 3 of 3."


If you encounter this issue, press Ctrl+Alt+Delete to continue to log on. This should occur only one time and does not prevent updates from installing successfully.


The case is NOT related to KB 3046002.

Just press CTRL – ALT – DEL to skip the page. All updates should be installed correct.

This has also happened on an older patch KB 2533552.


Falls Sie diesen Logon Screen nach dem installieren von Windows Updates sehen melden Sie sich

Bitte durch Drücken der drei Tasten CTRL-ALT-DEL an Ihrem System an. Bitte stellen Sie den

PC nicht ab/aus.




CTRL – ALT – DEL (Drei Finger Combo)






W7 client, Error 2221 with Logonscripts

by butsch 12. May 2015 00:41

System Error 2221 has occurred in Batch Logonscripts

If you run a logon script on Windows 7 you get an error 2221 when the client tries to mount a network drive.

We have also seeing this appear in Outllook.exe with Exchange Server.

  • User suddenly can't connect to network share
  • Name Resolution is running
  • You can access the Server with \\ipadress\share but not with \\servername\share
  • The DNS the client gets are valid and are running
  • NSLOOKUP has no errors
  • THE DNS are correct
  • You did ipconfig /flushdns
  • You did a "netsh winsock reset" and Reboot
  • Checked time on DC and clients


Somehow user or applications get credentials for application WHICH may run on the same server as the Network shares Integrated in the Credentials manager. This may be outdated or wrong. Mayb working for a webserver and app that's runs on the server but not the fileshare SMB.


Here is how to solve it

Type start and search for


credentials manager



Check if the connecten/Credentials that does not work is there and remove it

In German it's called



Mcafee Security für Exchange 8.5, short review

by butsch 5. May 2015 05:05

Mcafee Security für Exchange

Mcafee hat eine stabile Virenschutz Version für Exchange 2010 heraus gebracht. Wir hatten bei Exchange 2007 einige Kunden welche zu Trend gewechselt haben weil Groupshield 7.X nicht sauber lief.

Die aktuellen Version 8.5 von Mcafee Security für Exchange scheint aber zumindest auf Exchange 2010 wieder sauber zu gehen. Bei 2013 würde ich dies derzeit nicht einsetzen oder ganz genau planen.

Das Ganze soll als Abfang oder zusätzlicher Scanner hinter einer z.B. Fortinet Fortimail oder Mcafee Webgateway laufen. On Demand Scans brauchen wohl immer noch viel CPU Last aber Mcafee hat hier dazu gelernt und ein Monitoring eingebaut fuer bestimmte Werte. Z.B. auch RPC Latenz Zeiten von Outlook.exe auf den Exchange. Dies waren Sachen welche bei der 7.X nicht sauber gingen.



Die meisten grösseren Kunden haben min. die Mcafee EPS Suite. Da ist nebst EPO, Mcafee Security für Exchange mit dabei als Lizenz.

Version und Namen

Letzte Groupshield Version 7.0.2 > Neu "Mcafee Security fort Microsoft Exchange" welches es in der dritten Version gibt. Sieht aber vom interface/GUI her gleich aus wie Groupshield. (Nachfolger)

Release Versions:

Einige wichtige Punkte bei der V8.5 Version:


Braucht als Basis:

Where to place:


So sieht es aus:

Install Optionen:

Standalone auf CAS-Array hinter Load Balancern:

Auf den CAS Servern lässt sich die Config Exportieren und auf dem zweiten CAS importieren.

Managed by EPO:

Ist die Installation EPO integriert kann man die Software via EPO deployen und auch zentral managen. (Ob man sich dies getraut soll jeder selber entscheiden)