French version below
Hi everyone,
the final release of Exchange 2010 SP1 is now available here : http://www.microsoft.com/downloads/details.aspx?displaylang=en&FamilyID=50b32685-4356-49cc-8b37-d9c9d4ea3f5b
English version above
Bonjour à tous,
la version finale du SP1 pour Exchange 2010 est disponible au téléchargement au lien suivant : http://www.microsoft.com/downloads/details.aspx?displaylang=en&FamilyID=50b32685-4356-49cc-8b37-d9c9d4ea3f5b
Part 1 – Part 2 – Part 3 – Part 4 (Not available yet)
In the previous posts, we have seen how to install exchange in hosted mode, and how to create a new tenant organization. Now I’ll tell you how to manage a tenant organization with mailbox, distribution lists, contacts, room et equipments.
1. Creating new Exchange objects
Well, I don’t know if you remember in HMC the provisioning for accounts needs to respect 2 steps :
- Use Hosted Active Directory to create a new user object.
- Use Hosted Email 2007 name space procedure to Mailbox enable the user using the appropriate user plan.
Now with Exchange 2010 SP1 you just need to use the available cmdlet in the Exchange Management Shell …
A – Creating a new mailbox
Right, first we are going to create different kinds of mailboxes : user, room and equipment mailbox and it’s very simple to do that. (to simplify a bit I’ll not use all parameters available for a list of complete parameters just use help included with Exchange).
Here is a summary for my objects properties :
- User 1:
- User 2:
- Room :
- Equipment:
i) Creating a mailbox for John Doe.
New-Mailbox –Organization “Hosted Nelite Test” –FirstName “John” –LastName “Doe” –DisplayName “John Doe” –Name “John Doe” –UserPrincipalName “John.Doe@hosted.nelite.com”
Just a little detail, when you specify the tenant organization you’ll be able to create an object using a non-accepted domain. Here is an example with Jane Doe and hosted.nelite.net…
Finally I created Jane Doe user with the same cmdlet like John 
ii) Creating a room mailbox for Conference Room #1.
New-Mailbox –Organization “Hosted Nelite Test” –Name “Conference Room #1” –UserPrincipalName “conf_room_1@hosted.nelite.com” –Room
iii) Creating a equipment mailbox for Video Projector #1.
New-Mailbox –Organization “Hosted Nelite Test” –Name “Video Projector #1” –UserPrincipalName “video_proj_1@hosted.nelite.com” –Equipment
iv) Checking mailboxes
For this tutorial purpose I’ll show you the result in OWA 
. Please note that OWA now require your email address to login instead of a Windows account like usual.
Or you can view details also in Powershell :
Get-Mailbox –Organization “Hosted Nelite Test” | Select-Object DisplayName, UserPrincipalName, RecipientTypeDetails
B – Creating a new distribution lists
Like the mailbox creation, the distribution list creation is very simple. In this example we will create a distribution group for Marketing department and John Doe will be the manager of this distribution group.
New-DistributionGroup –Organization “Hosted Nelite Test” –Name “DG for Marketing Department” –Type “Distribution” –ManagedBy “John Doe” –PrimarySmtpAddress “marketing@hosted.nelite.com”
Please note that the “ManagedBy” parameter is very important. Because we’re working with tenant, the distribution group creation will fail if you do not specify this parameter :
Great we now have a distribution group… but no members inside.
To do this we will use the Add-DistributionGroupMember cmdlet but unfortunately this cmdlet doesn’t accept the Organization parameter 
. If you tried to directly add a membler the cmdlet will fail :
Do not worry about this… here is the way to do it : simply pipe the Get-DistributionGroup cmdlet with the Add-DistributionGroupMember cmdlet :
Get-DistributionGroup –Organization “Hosted Nelite Test” –Identity “DG for Marketing Department” | Add-DistributionGroupMember –Member “john.doe@hosted.nelite.com”
You can see the new members using Get-DistributionGroupMember cmdlet like the first one :
Get-DistributionGroup –Organization “Hosted Nelite Test” –Identity “DG for Marketing Department” | Get-DistributionGroupMember
C – Creating a new contact
Very simple just run the New-MailContact cmdlet :
New-MailContact –Organization “Hosted Nelite Test” –FirstName “Yannick” –LastName “Varloud” –Name “Yannick Varloud” –DisplayName “Yannick Varloud” –ExternalEmailAddress “yannick.varloud@nelite.com”
2. Deleting Exchange objects
Well well well… It’s cool we have just worked with some Exchange objects and I’m going to delete them… Oh no ! 
So because I need to keep my account so I’ll delete some account creating only for this chapter.
A – Deleting a mailbox
Important detail you’ve to keep in mind. Because Exchange 2010 Hosted is working with several organizations it will be “more complicated” to delete a mailbox than usual.
Actually the remove-mailbox cmdlet doesn’t accept the “organization” parameter so if you tried to delete a tenant mailbox directly you’ll get an error in EMS :
Remove-Mailbox “john.doe@hosted.nelite.com”
To delete the tenant mailbox do the following :
Get-Mailbox –Organization “Hosted Nelite Test” –Identity “Yannick Varloud” | Remove-Mailbox
The screenshot below represent the view of my account before and after (it’s deleted) the operation.
B – Deleting a distribution group
Like the mailbox to delete a distribution group you need to pipe the Remove-DistributionGroup after the Get-DistributionGroup cmdlet to avoid object not found error.
Get-DistributionGroup –Organization “Hosted Nelite Test” –Identity “DG for Marketing Department” | Remove-DistributionGroup
C – Deleting a contact
Same as above… Thanks to the “|” witch save our lives !
Get-MailContact –Organization “Hosted Nelite Test” –Identity “Yannick Varloud” | Remove-MailContact
As you notice I don’t do anything for objects modifications. Because Exchange Hosted has a lot of new features I prefer waiting a bit to ensure that all I’ll post here is functional.
I actually don’t know what to put in Part 4… but I think I’ll write some words about Exchange Control Panel.
Part 1 – Part 2 – Part 3 – Part 4 (Not available yet)
Part 1 – Part 2 – Part 3 - Part 4 (Not available yet)
1. Remember…
… in my previous post “Exchange 2010 SP1 : Exchange Hosted […] Installing Exchange” we have seen how to install Exchange 2010 in hosting mode and view some configuration differences between a normal and a hosted install. After reading in detail the Exchange 2010 Hosted Help file here is a list of unsupported features :
- Exchange Management Console
- Public Folders
- Unified Messaging Server role
- Federation
- Business-to-Business features such as cross-premises message tracking and calendar sharing
- IRM
- Outlook 2003 support (EnableLegacyOutlook)
- Edge Transport Server role
If you want more information about Exchange 2010 Hosted features you can download the deployment help here : Exchange Hosted deployment guide
2. Why can’t we use Microsoft HMC ?
Now, we can create a new Tenant Organization in this Exchange Server 2010 SP1 Beta Hosting Deployment and the things being created in the whole process.
But, before that, let's look at HMC and understand what is involved in creating an Organization. As you know, the Organization creation process includes quite a few things, including OU, groups and etc. etc. In HMC, in order to create an Exchange enabled organization, you need to do the following if you remember :
- Use Hosted Active Directory to create a new organization.
- Then Subscribe the new organization to an Exchange Organization Plan
- Add the SMTP domain to the Organization
- Add User Plan/Service Plan to the organization.
- Create an organization administrator (required in Exchange 2010 hosted)
- Mailbox enable the user using the appropriate user plan (required in Exchange 2010 hosted)
Unfortunately, the actual HMC’s Hosted AD organization creation process doesn’t create an administrator (but some control panel will create one but –again- it may or may not mail enable the administrator account). That’s why I’ve added steps 5 and 6.
3. Creating a new organization
A – How to do it
After this little explanation, let’s look at how to do it with Exchange Management Shell with SP1 beta. Simply run the following cmdlet :
New-Organization –Name <organization name> –DomainName <smtp domain fqdn> –Location <language code> –ProgramID <your progID> –OfferID <your offerID> –AdministratorPassword (get-credential).password
In my example I used this one :
New-Organization –Name “Hosted Nelite Test” –DomainName “hosted.nelite.com” –Location en-US –ProgramID HostingSample –OfferID 2 –AdministratorPassword (get-credential).password
B – Some explanations on cmdlet parameters
First, the (Get-Credential).Password parameter. Don’t worry about username, this one won’t be used. Here we juste keep the password because in the new-organization process, EMS will create an account named “Administrator” with the provided password.
A bit more complicated, the ProgramID and OfferID. You remember the service plan files in the CAS directory and especially the csv file named “ServicePlanHostingRemap.csv” ? All ProgramID and OfferID are here :
The column header is ProgramID, OfferID, ServerPlanName. So, if I put ProgramID is HostingSample, OfferID is 2, I am selecting HostingAllFeatures.servicePlan as the plan that I will be using for this organization.
Finally it’s very easy, isnt’it ?
4. What does my cmdlet have done to my Active Directory ?
Open the Active Directory User and Computers Management Console (dsa.msc) and navigate to Microsoft Exchange Hosted Organizations. You should normally see something like that (depending of your new-organization cmdlet) :
- It created an OU in Microsoft Exchange Hosted Organizations
- Under the OU, it created the Administrator User
- It created some security groups like Organization Management, Recipient Management.
- It automatically put the Administrator into the appropriate groups.
- It automatically mailbox enable the Administrator
- It also created some special groups for the purpose of password policy and also a group that hos all the mailbox users.
- It also created some system objects.
Important thing ! When you run the new-organization cmdlet all actions are interpreted like one. So if you cancel the creation nothing is created in your Active Directory :
![SNAG-0033[5]](http://blogs.nelite.com/blogs/yvarloud/SNAG00335_68A198C9.png "SNAG-0033[5]")
Also in ADSIEdit you remember I told you in the first part, in the configuration partition, we had our new entry “ConfigurationUnits” without any data. Now all my new organization is settled up here :
As you can see, we will have many configuration items available for each hosted organization…
Next part will talk about mailbox creation.
Part 1 – Part 2 – Part 3 - Part 4 (Not available yet)
Part 1 – Part 2 – Part 3 - Part 4 (Not available yet)
One of the new feature available in the Exchange 2010 Service Pack 1 is the support of multi-tenant organization.
1. What’s a multi-tenant organization?
A multi-tenant organization lets you to manage different customer on your exchange as if they are separate exchange organization. A tenant can create new objects like mailboxes, distribution lists, address book in a secure and private way. Depending on customer wishes you can activate services or not…
As the administrator you can still manage all tenant organization.
2. Setting up a multi-tenant organization
With the Service Pack beta it’s a bit complicated to setup a multi-tenant organization but I’ll try to put light on it for you.
First problem… how to do that ? There’re no explanation anywhere in Exchange 2010 Help 
… I tried to download the Exchange Hosted deployment guide on Microsoft Website but almost all topics are still in “writing”…
A – Test lab configuration
For this tutorial I’ll use the following configuration :
- DC1 :
- Windows Server 2008 R2 hosting Active Directory in 2008 R2 (forest / domain)
- 1024 Mb RAM
- Full updated via Microsoft Update
- @IP : 10.0.0.200
- EXHOST1 :
- Windows Server 2008 R2 hosting Exchange 2010 SP1
- 3072 Mb of RAM
- Full updated via Microsoft Update
- @IP : 10.0.0.2010
Both machines are Hyper-V R2 hosted virtual machines.
B – First step : Pre-requisite features needed on EXHOST1
So… first step like a standard Exchange 2010 setup I’ve installed all prerequisites using “servermanagercmd /ip Exchange-All.xml” from my Exchange 2010 SP1 source directory. I know we can do it now with PowerShell but for this time I use the old way 
.
After server restart do not forget to set “Net.TCP Port Sharing” to automatically start.
Next install the Office 2010 Filter Pack available from Microsoft Website.
Finally install the KB981002, actually unavailable through Microsoft Update.
C – Second step : Installing Exchange 2010 on EXHOST1
Oh… I forget something I have to tell you… At this time Hosted Exchange can only be settled up via command-line tool. Sorry
So open a new command line with administrator rights and let’s go.
Here’s is the command-line I used :
setup.com /m:Install /r:M,C,H,T /OrganizationName:ExchangeHosted /Hosting
Look at the parameter in Bold… Without it we just install Exchange 2010 SP1 as usual. But by specifying /Hosted the Active Directory Topology will be prepared to host multi-tenant and Exchange installed for hosting.
As you can see, setup process will not differ from standard installation… but some things change…
3. Differences between Exchange Hosted and standard installation :
A – Sample Service Plan templates on the CAS Servers.
All service plan templates are located in <Exchange Install Dir>\Exchange Server\V14\ClientAccess\ServicePlans of your CAS Server.
You can see there are 2 types of files here. One is the ServicePlan templates that consists of the configurations of all the options that you can apply to a mailbox and more. So, think of it to be very similar to User Plan in HMC.
Then you have a CSV file, ServicePlanHostingRemap.csv that map the service plan templates to an offer and program ID.
B – Configuration Container
The configuration container definitely looks a bit different. Under the OU=Microsoft Exchange, it has an additional container called 'ConfigurationUnits'. It is empty at the moment but it won't be if a new organization is created.
C – Additional OU in Active Directory
Under the Domain Naming context (dsa.msc is the best way to view it), you can see there is an additional OU created. This OU is very similar to what the Hosting OU we have in HMC. This one is called 'Microsoft Exchange Hosted Organizations'. The container is obviously empty when you first create install the Exchange environment.
D – No Exchange Management Console
Sorry again but Exchange Management Console is not supported in a Datacenter environment.
E – Additional Security Groups
You may also see some security groups created that is not in the normal on premise Exchange environment. For example, Exchange All Hosted Organizations security group.
End of Part 1…
I’ll will link all my post about Exchange Hosted as soon as they will be available. Also for my French readers I’ll take time to translate in the future but at this time theses posts will only be available in English.
Part 1 – Part 2 – Part 3 - Part 4 (Not available yet)
French version below
The Exchange 2010 RU4 is now available to download !
For a list of changes that are included in this update rollup, see KB982639.
Download link : http://www.microsoft.com/downloads/details.aspx?familyid=09B4973E-3A80-4FB9-9F60-5C6E2B7A2727&displaylang=en
English version above
Le rollup 4 pour Exchange Server 2010 est maintenant disponible au téléchargement !
Pour obtenir une liste des modifications incluses dans ce correctif cumulatif, voir KB982639.
Lien de téléchargement : http://www.microsoft.com/downloads/details.aspx?displaylang=fr&FamilyID=09b4973e-3a80-4fb9-9f60-5c6e2b7a2727
French version below
When you activate clients protection with DPM 2010 you have to deploy the DPM Client UI (automatically installed with the agent) on your computer. This client gives you some information such as last sync. time, last recovery point, data protected but also offers a End-user recovery option.
But to enable this feature for user you’ve to respect some pre-requisite or (like the screenshot above) you may encounter an error will trying to list the recovery points available.
The pre-requisite are simple. First, you have to be a local administrator of the client you’re protecting. But you have to be declared directly in the local Administrators group because DPM Client UI doesn’t expand groups hierarchy to get user.
Second, it’s not a real pre-requisite but it’s important to know that. You will only see recovery points made until you’re in the local admins. group. All recovery made before will stay hidden.
And now it works 
English version above
Lors de l’activation de la protection des ordinateurs clients avec DPM 2010 il est nécessaire de déployer le “DPM Client UI” (installé automatiquement avec l’agent) sur l’ordinateur. Le client vous permettra de lister quelques informations comme la dernière heure de sync., le dernier point de restauration, la liste des données protégées… mais il offre également une fonctionnalité de restauration par l’utilisateur.
Mais, pour activer cette fonctionnalité pour les utilisateurs, deux pré-requis sont nécessaire ou (comme le montre la capture d’écran ci-dessus) vous rencontrerez une erreur indiquant un problème lors de la tentative de récupération des points de restauration.
Premièrement, l’utilisateur doit être administrateur local du poste que vous protéger. Mais attention, vous devrez déclarer l’utilisateur directement dans les membres du groupe “Administrateurs” local de votre machine, car DPM ne liste pas le contenu des groupes étendus.
Deuxièmement point, qui n’est pas réellement un pré-requis, mais qui a son importance, seuls les points de restauration créés depuis que l’utilisateur est administrateur local seront visible. Tous les points de restauration précédents resteront cachés.
Et miracle… ca fonctionne
French version below
Great news ! With Exchange 2010 SP1 a (very) great improvement on archive mailboxes management is arrived !
Before SP1 you were not able to select a specific database for archive mailbox. It was always stored with user mailbox.
Now, when you decide to activate Exchange Server 2010 lets you to choose on which Exchange Database the archive mailbox will be stored !
After enabling archive you will see that some User attributes are set for archive :
This new feature will now permit to store archives on 5.4K RPM disk instead of 10 or 15K RPM disk
English version above
Bonne nouvelle ! Avec l’arrivée du SP1 pour Exchange 2010 une (très) grande amélioration sur la gestion des BALs d’archive arrive !
Alors qu’auparavant la boite d’archive était stockée dans la même base que la BALs utilisateur, le service pack 1 permet maintenant à l’administrateur de sélectionner une base tierce pour le stockage des BALs d’archives !
![SNAG-0056[3]](http://blogs.nelite.com/blogs/yvarloud/SNAG00563_thumb_03263BEC.png "SNAG-0056[3]")
Après création de la BAL d’archives vous pourrez constater que de nombreux attributs non modifiables auparavant le sont maintenant..
![SNAG-0057[4]](http://blogs.nelite.com/blogs/yvarloud/SNAG00574_thumb_0E6F5029.png "SNAG-0057[4]")
Dans tous les cas cette nouvelle fonctionnalité permettra de stocker les archives sur disques lents à 5400tr/min plutot que sur les disques des bases de données active à 10.000 ou 15.000 tr/min !
French version below
The service pack 3 for Exchange 2007 has been released yesterday ! I check this morning but it hasn’t been published for download yet !
As far as I know prepare yourselves to upgrade again your Active Directory schema 
I’ll post the download link as soon as it will be post !
English version above
Le service pack 3 pour Exchange 2007 est sorti hier ! Malheureusement après vérification le lien pour le téléchargement n’est pas encore disponible !
De plus, il semblerait qu’un nouvel upgrade de schéma Active Directory soit à prévoir pour l’installation de se Service Pack.
Je posterais le lien dés qu’il sera disponible.
French version below
During a migration and a coexistence between Exchange 2003 and Exchange 2010, an Exchange 2003 hosted user may need to access to Exchange delegated mailboxes. In this case the Outlook client will work fine on the first connection but, will display you an error message.
If you restart the Outlook client it works, but… next time not, etc.
Microsoft lets you download a corrective patch for Exchange 2003 at the following url : http://support.microsoft.com/kb/979690/en-us
English version above
Durant une migration et une coexistence entre Exchange 2003 et Exchange 2010, il se peut qu’un utilisateur hébergé sur Exchange 2003 nécessite d’accéder à des BALs déléguées déjà en place sur Exchange 2010. Dans ce cas la première connexion fonctionnera mais vous aurez ensuite un message d’erreur dans le client Outlook.
Après redémarrage du client Outlook cela refonctionne, puis plus, etc.
Un correctif Exchange 2003 pour ce problème a été mis à disposition par Microsoft au lien suivant : http://support.microsoft.com/kb/979690/en-us
French version below
Since a fews days, you can get the service pack 1 for Exchange Server 2010 at the following Url : http://www.microsoft.com/downloads/details.aspx?displaylang=en&FamilyID=a0965fc9-2723-4947-ae6b-74bc3808e72a
Enjoy it !
English version above
Depuis quelques jours, le service pack 1 pour Exchange Server 2010 est disponible au téléchargement à l’url suivante : http://www.microsoft.com/downloads/details.aspx?displaylang=en&FamilyID=a0965fc9-2723-4947-ae6b-74bc3808e72a
French version below
During a migration from Exchange 2003 to Exchange 2010 for one of my customers we install the new Exchange 2010 with Rollup 3 (Exchange 2010 Setup in the first time, then apply RU3).
The first time I try to install the RU3 I just do it like everyone by double-clicking on the .msp file… But, a the end of Setup a strange message has been displayed :
Setup Wizard for Update Rollup 3 for Exchange Server 2010 (KB981401) ended prematurely because of an error. Your system has not been modified.
Instead it says “Your system has not been modified”, I discover Outlook Wep App was not working at all…
So I decided to uninstall RU3 and all’s working perfectly.
Finally, after discussing with Microsoft PFE, I try to install it with command-line tool :
msiexec /update Exchange2010-RU3.msp (replace with the right file name of course)
Setup worked perfectly !
It’s not the first time I had problem with Exchange RU… so be careful while upgrading your servers.
English version above
Durant la migration d’Exchange 2003 vers Exchange 2010 pour l’un de mes clients, nous avons procédé à une nouvelle installation d’Exchange Server 2010 avec le RU3 (installation simple d’Exchange 2010 dans un premier temps, puis upgrade vers le RU3).
Lors de la première tentative d’installation du RU3, j’ai procédé comme la plupart des gens en double-cliquant simplement sur le .msp… Malheureusement l’assistant d’installation ce terminait avec un message peu encourageant :
Setup Wizard for Update Rollup 3 for Exchange Server 2010 (KB981401) ended prematurely because of an error. Your system has not been modified.
Etrangement et alors que le message indiquait “Your system has not been modified”, j’ai pu constaté que Outlook Web App n’était plus fonctionnel…
J’ai donc décidé de désinstaller le RU3, ce qui a finalement permis de tout faire refonctionner.
Finalement après discussion avec un de mes collègues PFE chez Microsoft, il m’a recommandé de tenter de l’installer en ligne de commande :
msiexec /update Exchange2010-RU3.msp (en remaplaçant le nom de fichier par celui du MSP)
Le Setup s’est parfaitement déroulé et le RU3 parfaitement fonctionnel !
Ce n’est pas la première fois que je rencontre des soucis d’installation des RU pour Exchange Server donc restez vigilant lors de vos upgrades de serveurs !
French version below
I know I’m very late ! With OCS 2007 R2 supportability on Windows Server 2008 R2 Microsoft has also released a tool which permit to correct the bug encountered with KB974571.
You can run the tool “ocsasnfix.exe” before or after installing the KB.
You can download the tool here and consult the full article here.
English version above
Désolé pour le retard de ce post ! Avec l’arrivée de la supportabilité de OCS 2007 R2 sur Windows Server 2008 R2 Microsoft a également mis à disposition un outil permettant de corriger les bugs rencontrés après installation de la KB974571.
L’outil “ocsasnfix.exe” peut être exécuter avant ou après installation de la KB.
Vous pouvez télécharger l’outil ici et consulter l’article complet ici.
French version below
To allow an APP-V client to always use local cache data you’ve to modify some registry keys :
For x86 based systems the base registry is : HKLM\Software\Microsoft\Softgrid\4.5\Client
For x64 based systems the base registry is : HKLM\Sofwaire\WOW6432Node\Microsoft\Softgrid\4.5\Client
Under the base registry modify or create the following keys :
| Key | Type | Value |
| \Configuration\RequiredAuthorizationIfCached | DWORD | 0x00000000 |
| \Network\AllowDisconnectedOperation | DWORD | 0x00000001 |
| \Network\DOTimeoutMinutes | DWORD | 0xffffffff |
| \Network\Online | DWORD | 0x00000000 |
| \Permissions\ToggleOfflineMode | DWORD | 0x00000000 |
| \Permissions\UpdateOSDFile | DWORD | 0x00000001 |
Restart your computer and install your App-V package. You don’t need to be connected to a streaming server !
English version above
Pour autoriser le client APP-V à n’utiliser que des sources locale pour les applications il est simplement nécessaire de modifier quelques clés de registre :
Pour les systèmes x86 la clé de registre de base est : HKLM\Software\Microsoft\Softgrid\4.5\ClientHKLM
Pour les systèmes x64 la clé de registre sera la suivante : HKLM\Sofwaire\WOW6432Node\Microsoft\Softgrid\4.5\Client
Modifiez ensuite les clés suivantes se trouvant sous la clé de base :
| Key | Type | Value |
| \Configuration\RequiredAuthorizationIfCached | DWORD | 0x00000000 |
| \Network\AllowDisconnectedOperation | DWORD | 0x00000001 |
| \Network\DOTimeoutMinutes | DWORD | 0xffffffff |
| \Network\Online | DWORD | 0x00000000 |
| \Permissions\ToggleOfflineMode | DWORD | 0x00000000 |
| \Permissions\UpdateOSDFile | DWORD | 0x00000001 |
French version below
Well due to a large deployment of RDS with Remote App for one of our customers we were confronted to a RDS certificate problem.
As everyone know, RDS under Windows Server 2008 et 2008 R2 is signed by a self-signed certificate. You can find it under the Remote Desktop store in Certificates’ MMC
Because this certificate is self-signed clients may have a warning on connection informing you that the server’s certificate cannot be validated.
To avoid this problem, it’s necessary to affect a PKI signed certificate to Remote Desktop certificate store. Do not try to add a computer certificate directly in the store. It doesn’t work at all. The only way is to open “tsconfig.msc”
Right click on RDP-Tcp and select Properties
Click on the Select button and then choose your PKI Signed certificate for use with RDS (Computer template is right)
Finally click on “OK” and all’s done. All remote desktop connection will now be signed with your certificate.
Warning ! When you change the RDS certificate your CRL must be accessible by clients because a check is made for each connection.
English version above
En raison d’un déploiement des services RDS avec Remote App pour un de nos clients, nous avons été confronté à une problèmatique de certificat sur les services RDS.
Comme beaucoup d’entre vous le savent, les services RDS sous Windows Server 2008 et 2008 R2 sont signés à l’aide d’un certificat auto-signé du serveur. Vous pouvez par ailleurs trouver ce certificat dans le magasin “Remote Desktop” dans la MMC de gestion des certificats.
Le principal problème avec les certificats auto-signés est l’affichage d’un avertissement lors de la connexion distante indiquant que la provenance du certificat n’a pu être validée.
Pour contrer ce problème, il est donc nécessaire d’affecter un certificat signé par la PKI d’entreprise pour les services Remote Desktop. Alors inutile d’essayer d’ajouter directement un nouveau certificat dans le magasin “Remote Desktop” cela ne fonctionne malheureusement pas …
La méthode à suivre est la suivante exécutez la mmc “tsconfig.msc”.
Faites un clic droit sur RDP-Tcp et sélectionnez Properties
Cliquez sur le bouton “Select”, puis choisissez le certficat de votre PKI d’entreprise installée sur le serveur (le template de certificat Computer convient parfaitement)
Cliquez enfin sur “OK”. Toutes les nouvelles connexions aux services RDS seront maintenant signées avec le certificat de la PKI.
Attention ! Lorsque vous modifiez le certificats des services RDS, votre CRL devra être accessible par les clients de façon permanente car une vérification de cette dernière sera effectuée à chaque connexion.
French version below
For you who are using Office Communicator… Have you never dreamed to add custom status and the offline mode (like WLM) to your Office Communicator ?
Here are two tutorials to help you making it real !
1. Offline Status :
The first way is the use of GPOs. The policy name is “Enable the state Appear Offline” in the group policy. You need to enable it and ensure that the policy gets applied. (You might want to run gpupdate /force after applying this change).
Note: You will get above group policy setting after importing Communicator.adm template in the group policy object.
You can enable “Appear offline” status in office communicator using registry editor as well.
You need to create following registry DWORD and set its value as 1 to enable it.
The DWORD name is EnableAppearOffline, type is REG_DWORD and location is
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Communicator.
After making above change, exit from office communicator (from system tray) and relaunch it.
| Before : | After : |
 | 
|
2. Custom status :
Creating customs status is a bit complicated but not impossible !!!
You must first create a file named “presence.xml” in the Office Communicator installation directory (by default : C:\Program Files\Microsoft Office Communicator) using the following schema:
<?xml version="1.0"?> <customStates xmlns="http://schemas.microsoft.com/09/2009/communicator/customStates" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://schemas.microsoft.com/09/2009/communicator/customStates http://livecommteam/sites/main/ice/Wave%2012%20Docs/CustomActivities.xsd">
<customState ID="1" availability="busy">
<activity LCID="1033">Sleeping</activity>
</customState>
<customState ID="2" availability="online">
<activity LCID="1033">Surfing on FaceBook</activity>
</customState>
<customState ID="3" availability="do-not-disturb">
<activity LCID="1033">Watching football</activity>
</customState>
</customStates>
After creating your own file, open regedit and create an new String called CustomStateURL and set its value to the path of your file like this one : file://C:\\Program Files\\Microsoft Office Communicator\\Presence.xml
Close and open Communicator. Yours customs status are now available.
| Before : | After : |
|
| 
|
For more information about customs status : http://technet.microsoft.com/en-us/library/dd819946(office.13).aspx
Enjoy !
English version above
Pour ceux qui utiliserait Office Communicator… N’avez jamais rêvé de pouvoir ajouter des status personnalisé ou tout simplement pouvoir apparaitre “Hors ligne” (comme dans WLM) dans votre client Office Communicator ?
Et bien voici deux tutoriaux qui vous aideront à réaliser ce rêve !
1. Apparaitre Hors-Ligne :
La première méthode est l’utilisation de GPO. La politique “Enable the state Appear Offline” dans les GPOs vous permet de réaliser cela. Bien entendu cela implique qu’une GPO est été préalablement créée avec ce paramètrage et soit appliquée à votre poste de travail (la commande gpupdate /force vous permettra de forcer l’application de la GPO).
Note : La politique citée est disponible en important le template Communicator.adm dans la console GPMC.
Fort heureusement vous pouvez également activer la fonctionnalité en utilisant l’éditeur de registre.
Vous devez créer une nouvelle valeur de type DWORD et positionner sa valeur à 1 pour l’activer.
Le nom du DWORD est EnableAppearOffline, son type est REG_DWORD et son emplacement dans le registre est le suivant :
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Communicator.
Après modification du registre, quittez le client communicator et relancez le.
| Avant : | Après : |
|
|
2. Statuts personnalisés :
La création de status personnalisés est un poil plus compliquée mais loin d’être impossible !!!
Commencez par créer un fichier nommé “presence.xml” dans le répertoire d’installation d’Office Communicator (par défaut : C:\Program Files\Microsoft Office Communicator) en utilisant le schéma XML suivant :
<?xml version="1.0"?> <customStates xmlns="http://schemas.microsoft.com/09/2009/communicator/customStates" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://schemas.microsoft.com/09/2009/communicator/customStates http://livecommteam/sites/main/ice/Wave%2012%20Docs/CustomActivities.xsd">
<customState ID="1" availability="busy">
<activity LCID="1033">Sleeping</activity>
</customState>
<customState ID="2" availability="online">
<activity LCID="1033">Surfing on FaceBook</activity>
</customState>
<customState ID="3" availability="do-not-disturb">
<activity LCID="1033">Watching football</activity>
</customState>
</customStates>
Après avoir créé et modifié votre fichier, ouvrez regedit et créer un nouvel objet de type String nommé CustomStateURL et affecter lui pour valeur l’emplacement de votre fichier : file://C:\\Program Files\\Microsoft Office Communicator\\Presence.xml
Quittez et ouvrez votre client communicator...
| Avant : | Après : |
|
| |
Pour plus d’informations sur les statuts personnalisés : http://technet.microsoft.com/en-us/library/dd819946(office.13).aspx
More Posts
Next page »