Friday, August 31, 2012

Aug 30, Update Your Java NOW!

Java has a severe security flaw in it that is publicly known and exploited by a number or virus toolkits. Oracle has finally realeased and update that fixes this flaw. This flaw is severe enough and well known enough that it is being released outside of the standard update cycle.

By default Java does not check for daily updates, it might be up to a month before your system automatically detects that there is a new update. If you have not already been prompted to update Java, you should do it manually.

  1. In Control Panel, open Java. (you can also type Java from the search box in Start menu to find it)
  2. On the Update tab, click Update Now.
  3. Follow the onscreen instructions.

Sunday, August 26, 2012

Monitor and Start Critical Services with PowerShell

We have multiple virtual machines running on a single Hyper-V host. Due to resource contention during startup, sometimes not all services start properly on one VM. To resolve this I created small PowerShell script that checks the status of some specific critical services and if they are stopped, starts them. I've scheduled the script to run hourly.


Foreach ($s in $services) {
    If ($s.status -ne "Running") {
        Start-Service $s
The $services variable contains the list of all the services names that are monitored. The script uses a foreach loop to examine the status of each service and start the service if the status is anything other than Running.

Friday, August 10, 2012

MED-V (Not for Windows 8)

MED-V is a virtualization technology that was enabled by Virtual PC on Windows 7. It had the advantage of presenting applications installed in a Windows XP virtual machine directly in Windows 7. Nice, but not widely used.

In Windows 8, Virtual PC has been replaced in Windows 8 by Client Hyper-V. As a consequence MED-V is not supported on Windows 8. The Windows XP Mode included as part of Windows 7 is also unsupported due to the loss of Virtual PC.

An announcement is here:

Thursday, August 9, 2012

PowerShell Cmdlets for Networking

Windows Server 2012 and Windows 8 include PowerShell 3 with some new cmdlets for networking. For me this means the end of netsh for network configuration. It’s not that I ever used netsh much but it was occasionally useful for scripting. The following is a list of what I think will be some useful cmdlets.

Get-NetIPInterface: Queries and displays a list of interfaces on the computer. The list includes the IP addresses associated with an interface. Each interface has an index number that you can use to identify the interface with other cmdlets. So, this is similar to IPConfig /all.

Get-NetIPInterface | Format-List

Set-NetIPInterface: Modifies the configuration of an interface on the computer. You can use this to enable DHCP on an interface.

Set-NetIPInterface –InterfaceIndex 12 –DHCP Enabled

New-NetIPAddress: Adds an IP address to an interface. It is not possible to change an existing IP address, you must remove and create a new IP address. This cmdlet allows you to set the default gateway and subnet mask.

New-NetIPAddress –InterfaceIndex 12 –IPaddress –DefaultGateway –PrefixLength 24

Set-NetIPAddress: Modifies the configuration of an IP address, such as modifying the prefix length. You cannot modify the default gateway with this cmdlet.

Remove-NetIPAddress: Removes an existing IP address from an interface.

New-NetRoute: Used to add a new route to the local routing table. You can use this to change the default gateway, but you must remember to remove the existing default gateway.

New-NetRoute –InterfaceIndex 12 –DestinationPrefix –NextHop

Remove-NetRoute: Used to remove routes from the routing table. Remember to include the NextHop parameter or it will remove all routes matching the destination prefix on the interface.

Remove-NetRoute –InterfaceIndex 12 –DestinationPrefix –NextHop

To view all of the cmdlets that are available for configuring TCP/IP you can use:

Get-Command –Module NetTCPIP

This documentation is not 100% up to date, but you can also check this out:

Wednesday, August 8, 2012

Prevent Autodiscovery from Using a Pre-production CAS

When you install a Client Access server (CAS) into an existing Exchange environment, an SCP object is created in Active Directory for autodiscover. That object is immediately available in Active Directory and can be located by Outlook clients. If the CAS is not ready, and you've not configured certificates on the CAS yet, then users may start getting the errors about untrusted certificates.

To prevent clients from using the new CAS before it is configured (effectively disabling autodiscover), you can modify the SCP object by using the following cmdlet:

Set-ClientAccessServer ServerName -AutoDiscoverServiceInternalUri $NULL

Later, when the CAS is ready for production, you need to put the correct URI back into the object with the following cmdlet:

Set-ClientAccessServer ServerName -AutoDiscoverServiceInternalUri https://ServerFQDN/Autodiscover/Autodiscover.xml

Update May 2018
For the last while, I've been hearing about issues when setting the autodiscover URL to $null. It seems that newer Outlook clients see the SCP object in AD and assume that they can use the default URL for that node. So, rather than setting it to $null, set the URL to be the load balanced URL used for the older version.

As a practical example, if you are adding Exchange 2016 to and Exchange 2010 organization, set the URL to point at the Exchange 2010 servers until you've configured and tested the Exchange 2016 servers.