18 August 2017

PowerShell behind Authenticating proxy



I've seen this at my work a few to many times.
Certain command's just don't get through or something errors out with strange unidentifiable reasons.

Not all command in PowerShell will go through the proxy, IE will pass this on using Windows Integrated Authentication but the .NET Webclient used by PowerShell doesn't appear to do this.

How to get past this? Copy/paste this in your PowerShell windows and all your commands go through your proxy.

$wc = New-Object System.Net.WebClient
$wc.Proxy.Credentials = [System.Net.CredentialCache]::DefaultNetworkCredentials
$wc.DownloadString('http://microsoft.com')

You could add this to your profile to load at startup:

New-item –type file –force $profile            
Notepad $profile

Paste in Notepad:

$wc = New-Object System.Net.WebClient
$wc.Proxy.Credentials = [System.Net.CredentialCache]::DefaultNetworkCredentials
$wc.DownloadString('http://microsoft.com')

Save the Notepad Microsoft.PowerShellISE_profile.ps1 file

There is a request on Connect to have this looked at by the PowerShell team.
https://connect.microsoft.com/PowerShell/feedback/details/754102/a-cmdlet-to-create-a-proxy-configuration-settings-object

18 July 2017

Databasecopystatus unhealthy after installing Security update KB4018588 for Exchange 2013 CU16

I encountered another weird phenomenon after installing the security update KB4018588 for Exchange 2013 CU16.

Installed CU16 for Exchange 2013 on the active database servers and everything went fine, after that installed the security update and that went fine as well.
As a good admin I stopped the maintenace mode on the servers I updated, and checked the databasecopystatus. And there it was, all passive databasecopystatusses were failed.
After some digging around in found out that the searchhostcontroller service was disabled.
Now this service is turned on by default and should start automatically and takes care of Microsoft Exchange Search.

After setting the Microsoft Exchange Search Host service startup type as Automatic and restarting the Microsoft Exchange Search service the dabasecopystatus became healthy again.

13 July 2017

Largest FREE Microsoft eBook Giveaway 2017 - Download them all with PowerShell

It's the time of the year again!
Eric Ligman - the Director Sales Excellence at Microsoft has once again published a ton of free e-books.
This is the third year in a row he does this, and we get to benefit :-)
Like previous year there's no catch, just download and read your eyes out.

Small list of subjects what to expect:
  • Azure
  • Dynamics
  • Licensing
  • Office
  • Office365
  • PowerShell
  • SQL Server
  • System Center
  • Windows Clients
  • Windows Server
To download them all save this file as ".ps1"
2017 Free Ebook Collection

Run the script and the Ebooks will be downloaded to your Downloads\Free Ebooks 2017 folder.


I added the 2016 version as well:
2016 Free Ebook Collection
(Not all the links work anymore, so you might get some errors and 404's and 503's)

And here is the 2015 version:
2015 Free Ebook Collection
(Not all the links work anymore, so you might get some errors and 404's and 503's)

And 2014:
2014 Free Ebook Collection
(Not all the links work anymore, so you might get some errors and 404's and 503's)

There's a 2013 version as well, not downloadable by PowerShell and a bit to old but if you want some old reference material here is the website:
2013 Free Ebook Collection
And the 2012 website:
2012 Free Ebook Collection

06 July 2017

Exchange 2013 installing a CU, Schema update required or not?

Update 05-07-2017 - Exchange 2013 CU17 added

This is some of those things you need to check before updating an Exchange environment every time a new CU gets put out.

Do i need to do a Schema update or not?

I came across this post from Rhoderick Milne,

Table Of Exchange 2013 Schema Versions
Exchange Version
msExchProductId
rangeUpper
MESO objectVersion
Organisation objectVersion
Exchange 2013 RTM
15.00.0516.032
15137
13236
15449
Exchange 2013 CU1
15.00.0620.029
15254
13236
15614
Exchange 2013 CU2
15.00.0712.024
15281
13236
15688
Exchange 2013 CU3
15.00.0775.038
15283
13236
15763
Exchange 2013 SP1
15.00.0847.032
15292
13236
15844
Exchange 2013 CU5
15.00.0913.022
15300
13236
15870
Exchange 2013 CU6
15.00.0995.029
15303
13236
15965
Exchange 2013 CU7
15.00.1044.025
15312
13236
15965
Exchange 2013 CU8
15.00.1076.009
15312
13236
15965
Exchange 2013 CU9
15.00.1104.005
15312
13236
15965
Exchange 2013 CU10
15.00.1130.007
15312
13236
16130
Exchange 2013 CU11
15.00.1156.006
15312
13236
16130
Exchange 2013 CU12
15.00.1178.004
15312
13236
16130
Exchange 2013 CU13
15.00.1210.003
15312
13236
16130
Exchange 2013 CU14
15.00.1236.003
15312
13236
16130
Exchange 2013 CU15
15.00.1263.005
15312
13236
16130
Exchange 2013 CU16+.NET4.6.2
15.00.1293.002
15312
13236
16130
Exchange 2013 CU17
15.00.1320.004
15312
13236
16130
TechNet documents the expected values for the various Exchange 2013 objects in AD.

Check back here when a new CU is released.

Another top tip from Rhoderick is to install .net 4.6.1 after installing the CU and having the machine rebooted.
At the moment of writing .NET 4.7 is not supported for Exchange 2013 and Exchange 2016 no matter what CU you're on.

28 June 2017

Connect-EXOPSSession behind proxy

With the new Exchange Online Remote PowerShell Module you can connect to Exchange Online with MFA enabled on your account.
But what if you are behind a proxy and are unable to connect?
Chances are that there is one process that goes directly to the internet:





When trying to connect you get the error below:
This PowerShell module allows you to connect to Exchange Online service.            
            
To connect, use: Connect-EXOPSSession -UserPrincipalName your UPN            
            
To get additional information, use: Get-Help Connect-EXOPSSession            
            
PS C:\Users\> Connect-EXOPSSession -UserPrincipalName username@yourtenant.onmicrosoft.com            
New-ExoPSSession : Connecting to remote server outlook.office365.com failed with the following error message : WinRM ca            
nnot complete the operation. Verify that the specified computer name is valid, that the computer is accessible over the            
 network and that a firewall exception for the WinRM service is enabled and allows access from this computer. By defau            
lt the WinRM firewall exception for public profiles limits access to remote computers within the same local subnet. Fo            
r more information, see the about_Remote_Troubleshooting Help topic.            
At C:\Users\brenke\AppData\Local\Apps\2.0\CCA4XODV.QGQ\BBNHW64J.DHE\micr..tion_c3bce3770c238a49_0010.0000_a5ac7e7ccec31            
8ba\CreateExoPSSession.ps1:179 char:22            
 PSSession = New-ExoPSSession -UserPrincipalName $UserPrincipalName -C ...            
                ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~            
     CategoryInfo          : ResourceUnavailable: (:) [New-ExoPSSession], PSRemotingTransportException            
     FullyQualifiedErrorId : System.Management.Automation.Remoting.PSRemotingDataStructureException,Microsoft.Exchang            
   e.Management.ExoPowershellSnapin.NewExoPSSession

We have to force all traffic through the proxy, the easiest way to do this is with netsh:

Check current settings for the PowerShell session:
netsh winhttp show proxy

Current WinHTTP proxy settings:

Direct access (no proxy server).

Set the proxy server:
netsh winhttp set proxy proxy.domain.lan:8080

Current WinHTTP proxy settings:

Proxy Server(s) :  proxy.domain.lan:8080
Bypass List     :  (none)

Reset to no proxy server settings:
netsh winhttp reset proxy

Current WinHTTP proxy settings:

Direct access (no proxy server).

21 June 2017

Connect to Exchange Online with MFA enabled

Been searching a little while before I got this thru my skull.

I had enabled MFA for my account over at Exchange Online and tried to connect to the remote PowerShell. Immediately my screen turned red.
New-PSSession : [outlook.office365.com] Connecting to remote server outlook.office365.com 
failed with the following error message : [ClientAccessServer=VI1PR0101CA0080,
BackEndServer=am5pr10m 
b0595.eurprd10.prod.outlook.com RequestId=d3099d49-9287-419a-b22f-91e1bf7b888d,
TimeStamp=6/21/2017 10:43:42 AM] Access Denied For more information, see the 
about_Remote_Troubleshooting Help topic.

The access denied error is what triggered me to search for the MFA solution, because in the Office Portal I could log in just fine.

After some searching on the web I came across this:
https://technet.microsoft.com/library/mt775114.aspx
This just recently became available (for as far as I know), prior MFA had to be disabled for the Organisation Management account. Which is a terrible idea of course.

After installing the Exchange Online Remote PowerShell Module you get a new icon in your start menu.
After starting the new PowerShell module you're greated by this:
As you can see there's a new way to connect to Exchange Online with MFA enabled on your command.
The Connect-EXOPSSession is the new way, and a new commandlet not available in any of the installed modules the PowerShell Module directory.
I tried to find what module is explicitly loaded but was unsuccessful.
I think it downloads the module directly from the cloud, right after starting the module a black screen is briefly displayed and then the PowerShell window is shown.

Change Hyper-V Network Category from Public to Private with Powershell

This is one of those things that you can do multiple ways.
In my case however the normal routine of changing the network category type from Public to Private didn't work because my machine is domain joined.

When trying to create a HomeGroup you get this on a domain joined machine:
So PowerShell saves the day once again.
First see what adapters you have and what their current category is:
Get-NetConnectionProfile            
            
            
Name             : domain.lan            
InterfaceAlias   : vEthernet (External LAN Virtual Switch)            
InterfaceIndex   : 22            
NetworkCategory  : DomainAuthenticated            
IPv4Connectivity : Internet            
IPv6Connectivity : Internet            
            
Name             : Unidentified network            
InterfaceAlias   : vEthernet (Internal Virtual Switch)            
InterfaceIndex   : 8            
NetworkCategory  : Public            
IPv4Connectivity : NoTraffic            
IPv6Connectivity : NoTraffic

Then set the adapter to category private:
Set-NetConnectionProfile -InterfaceIndex 8 -NetworkCategory Private

Check the settings:
Get-NetConnectionProfile            
            
            
Name             : domain.lan            
InterfaceAlias   : vEthernet (External LAN Virtual Switch)            
InterfaceIndex   : 22            
NetworkCategory  : DomainAuthenticated            
IPv4Connectivity : Internet            
IPv6Connectivity : Internet            
            
Name             : Unidentified network            
InterfaceAlias   : vEthernet (Internal Virtual Switch)            
InterfaceIndex   : 8            
NetworkCategory  : Private            
IPv4Connectivity : NoTraffic            
IPv6Connectivity : NoTraffic