Nick MacKechnie
#8 wire kinda guy.....

Exchange 2010 Active Sync Issue

Friday, 20 November 2009 20:04 by Nick MacKechnie

Hi All,

I’ve spent the last few days migrating to Hyper-V, SQL 2008, Windows Server 2008 R2 and Exchange 2010 from 3 machines - Windows Server 2003, SQL 2005 and Exchange 2003. The last thing I had to turn on/get going was Active-Sync for syncing mail with home via a mobile device. This failed miserably, as per the below event log on my Exchange 2010 Server.

Log Name:      Application
Source:        MSExchange ActiveSync
Date:          11/20/2009 12:23:07 PM
Event ID:      1053
Task Category: Configuration
Level:         Error
Keywords:      Classic
User:          N/A
Computer:      <server>.thenet.gen.nz
Description:
Exchange ActiveSync doesn't have sufficient permissions to create the "CN=<name>,OU=<OU Name>,DC=thenet,DC=gen,DC=nz" container under Active Directory user "Active Directory operation failed on <server>.thenet.gen.nz. This error is not retriable. Additional information: Access is denied.
Active directory response: 00000005: SecErr: DSID-031521D0, problem 4003 (INSUFF_ACCESS_RIGHTS), data 0
".
Make sure the user has inherited permission granted to domain\Exchange Servers to allow List, Create child, Delete child of object type "msExchangeActiveSyncDevices" and doesn't have any deny permissions that block such operations.
Details:%3

Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
  <System>
    <Provider Name="MSExchange ActiveSync" />
    <EventID Qualifiers="49156">1053</EventID>
    <Level>2</Level>
    <Task>2</Task>
    <Keywords>0x80000000000000</Keywords>
    <TimeCreated SystemTime="2009-11-19T23:23:07.000000000Z" />
    <EventRecordID>9577</EventRecordID>
    <Channel>Application</Channel>
    <Computer><server>.thenet.gen.nz</Computer>
    <Security />
  </System>
  <EventData>
    <Data>CN=<name>,OU=<OU Name>,DC=thenet,DC=gen,DC=nz</Data>
    <Data>Active Directory operation failed on <server>.thenet.gen.nz. This error is not retriable. Additional information: Access is denied.
Active directory response: 00000005: SecErr: DSID-031521D0, problem 4003 (INSUFF_ACCESS_RIGHTS), data 0
</Data>
  </EventData>
</Event>

The workaround was pretty simple, however it took me some time trolling through external and internal Knowledge Base Articles. I came across this article, however it didn’t seem to address the issue.

Here’s how I managed to get it sorted -

On a Domain Controller, Click on Start/All Programs/Administrative Tools/Active Directory Users and Computers

Click on View and Select Advanced Features

Select a mailbox that isn’t working with Active Sync, double click on the account, Select the Security Tab and then the Advanced Button.

Select Exchange Servers, and tick the Include inheritable permissions toggle then Apply and OK.
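The same check and fix from PowerShell, as an added example that is not part of the original post: it lists mail-enabled users whose ACL has inheritance switched off and re-enables it for accounts you have reviewed. The function names and the `jsmith` account are hypothetical, and it assumes the ActiveDirectory module (RSAT) is installed.

```powershell
# Added example: audit, and optionally repair, ACL inheritance on user objects.
# Assumes the ActiveDirectory module and rights to read/write the object ACLs.
Import-Module ActiveDirectory

function Get-InheritanceBlockedUser {
    param(
        # Defaults to the whole domain; pass an OU distinguished name to narrow it.
        [string]$SearchBase = (Get-ADDomain).DistinguishedName
    )
    Get-ADUser -SearchBase $SearchBase -Filter 'mail -like "*"' -Properties adminCount |
        ForEach-Object {
            $acl = Get-Acl -Path ("AD:\" + $_.DistinguishedName)
            # AreAccessRulesProtected is $true when "Include inheritable
            # permissions" is unticked, so the inherited Exchange Servers
            # entry named in event 1053 never reaches this object.
            if ($acl.AreAccessRulesProtected) {
                # adminCount = 1 marks an AdminSDHolder-protected account; the
                # directory re-applies the protected ACL to those accounts, so
                # re-enabling inheritance on them does not persist.
                $_ | Select-Object SamAccountName, DistinguishedName, adminCount
            }
        }
}

function Enable-UserAclInheritance {
    [CmdletBinding(SupportsShouldProcess = $true)]
    param(
        [Parameter(Mandatory = $true, ValueFromPipelineByPropertyName = $true)]
        [string]$DistinguishedName
    )
    process {
        $path = "AD:\" + $DistinguishedName
        $acl  = Get-Acl -Path $path
        if ($acl.AreAccessRulesProtected -and
            $PSCmdlet.ShouldProcess($DistinguishedName, 'Enable ACL inheritance')) {
            # First argument $false = allow inheritance from the parent;
            # the second argument is ignored when the first is $false.
            $acl.SetAccessRuleProtection($false, $true)
            Set-Acl -Path $path -AclObject $acl
        }
    }
}

# Report first and review the list before changing anything.
Get-InheritanceBlockedUser | Format-Table -AutoSize

# Then preview the change for one reviewed account (constructed name):
# Get-InheritanceBlockedUser |
#     Where-Object { $_.SamAccountName -eq 'jsmith' } |
#     Enable-UserAclInheritance -WhatIf
```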

This issue is currently bugged and is likely to be fixed with an update in the future – It seems to be a symptom of ‘upgrading’.

Nick.

Office Communications Server – Federation makes sense!

Wednesday, 2 September 2009 12:42 by Nick MacKechnie

Hi All,

Now that Office Communications Server R2 is out, there are a heap of customers piloting and indeed deploying OCS. I thought I’d share a few thoughts around why you should consider federating with your business partners and other IM service providers. I work in the support part of our organisation, and for me, encouraging my customers to federate with Microsoft makes perfect sense both from a business partner (being able to engage directly with your account team) perspective as well as enabling us to support our customers better.

Here are a few reasons why you should consider federation:

· The ability to see if business partners are online, their presence, availability

· Share information easily via Instant Messaging – share documents, URLS, quick questions/responses/escalations

· Ability for 3rd parties to see application/environmental issues via shared desktops which should drive down response/incident resolution times

· Reduce phone costs by calling peer to peer instead of traditional POTS

· Ability to quickly and easily setup a conference call/Live meeting session for collaboration

· Ability to manage IM, audit, monitor and manage IM traffic

· Ability to build virtual teams across organisations or with 3rd parties with a common goal – e.g.: Universities or companies working on joint projects or teams that are geographically separated.

Federation is an important goal for the Office Communications Server team and they are excited to announce several changes to public IM federation between Office Communications Server and public IM networks, effective July 1, 2009:

· The Live Communications Server Public IM Connectivity (LCS PIC) license will be renamed Office Communications Server Public IM Connectivity (OCS PIC) license.

· Customers with Office Communications Server 2007 R2 Standard CAL or Office Communications Server 2007/Live Communications Server 2005 SP1 Standard CAL with Software Assurance will no longer require an additional license to federate with Windows Live.  (A license will still be required for federation with AOL & Yahoo!.)

· With Windows Live federation, customers will be able to add Windows Live contacts to their Office Communicator contact list, view presence and send and receive instant messages.

Microsoft will continue to work with our partners to enable more options that allow you to communicate seamlessly with customers, partners, friends and family on different networks. For more information on public IM connectivity with Office Communications Server, please go to http://www.microsoft.com/communicationsserver/en/us/public-im-connectivity.aspx.

Our Unified Communications Product team are also on Twitter http://twitter.com/ucteam.

Federation provides your organization with the ability to communicate with other organizations' Access Edge Servers to share IM and presence. You can also federate with an audio conferencing provider using either of the two following methods. The process of configuring federation with an organization or an audio conferencing provider is identical. For a list of supported ACPs, see http://r.office.microsoft.com/r/rlidOCS?clid=1033&p1=ACP.

If you have enabled federation on the Access Edge Server, access by federated partners, including audio conferencing providers (ACPs), is controlled using one of the following methods:

  • Allow automatic discovery of federated partners. This is the default option during initial configuration of an Access Edge Server because it balances security with ease of configuration and management. For example, when you enable automatic discovery of federated partners on your Access Edge Server, Office Communications Server 2007 allows any federated domain to send communications with you and automatically evaluates incoming traffic from federation partners and limits or blocks that traffic based on trust level, amount of traffic, and administrator settings.
  • Allow discovery of federated partners, but grant a higher level of trust to specific domains or Access Edge Servers that you specify on the Allow list. For example, if you want to grant a higher level of trust to partners using the SIP domain contoso.com and fabrikam.com, you would add these two domains on the Allow tab. Restricting discovery in this way establishes a higher level of trust for connections with the domains or Access Edge Servers that you add to your Allow list, but still provides the ease of management that is possible by discovering other federation partners that are not listed on the Allow tab.
  • Do not allow discovery of federation partners and limit access of federated partners to only the domains or Access Edge Servers for which you want to enable connections. Connections with federated partners are then allowed only with the specific domains or Access Edge Servers you add to the Allow tab. This method offers the highest level of security, but does not offer ease of management. For example, if an FQDN of an Access Edge Server changes, you must manually change the FQDN of the server in the Allow list.

How Federated Traffic Is Evaluated When Using Automatic Discovery

If you choose to use automatic discovery of federated partners, the Access Edge Server automatically evaluates incoming federated traffic in the following way:

If a federated party has sent requests to more than 1000 URIs (valid or invalid) in the local domain, the connection is first placed on the Watch list. Any additional requests are then blocked by the Access Edge Server. If the Access Edge Server detects suspicious traffic on a connection, it will limit the federation partner to a low message rate of 1 message per second. The Access Edge Server detects suspicious traffic by calculating the ratio of successful to failed responses. The Access Edge Server also limits legitimate federated partner connections (unless added to the Allow list) to 20 messages/sec.

If you know that you will have more than 1000 requests sent by a legitimate federated partner or a volume of over 20 messages per second sent to your organization, to allow these volumes, you must add the federated partner to the Allow tab.

After configuring federation, you can use Office Communications Server 2007 administrative tools to monitor and manage federated partner access on an ongoing basis. For more information, see the Introduction to Microsoft Office Communications Server 2007 Administration Guide.

Enabling discovery of federated partners

If you did not enable discovery of federated partners when you configured your Access Edge Server, you can use the Computer Management snap-in to do so. If you already selected this option during setup, you do not need to perform this step.

To enable discovery of federated partners

1. Log on to the Access Edge Server as a member of the RTC Local Administrators group or a group with equivalent user rights.

2. Open Computer Management. Click Start, click All Programs, click Administrative Tools, and then click Computer Management.

3. In the console tree, expand Services and Applications, right-click Microsoft Office Communications Server 2007, and then click Properties.

4. On the Access Methods tab, select the Allow discovery of federated partners check box.

Add a Trusted Federated Partner

Use the following procedure to add a trusted federated partner domain and, optionally, the FQDN of its Access Edge Server.

To add a trusted federated partner

1. Log on to the Access Edge Server as a member of the RTC Local Administrators group or a group with equivalent user rights.

2. Open Computer Management. Click Start, click All Programs, click Administrative Tools, and then click Computer Management.

3. On the Allow tab, click Add.

4. In the Add Federated Partner dialog box, do the following:

    • In the Federated partner domain name box, type the domain of each federated partner domain.
    • In the Federated partner Access Edge Server box, optionally type the FQDN of each Access Edge Server that you want to add to your Allow list. Remember if you configure the FQDN of a partner's Access Edge Server and the FQDN changes, you must manually update your configuration for this partner.
    • Click OK.

5. Repeat this procedure for each federated partner you want to add to your Allow list, and then click OK.

For more information, please check out this link - http://technet.microsoft.com/en-us/library/bb663635.aspx

Office Communications Server 2007 R2 gives organisations the features and tools they need to streamline communications while increasing operational control, all without expensive infrastructure and network upgrades.

Find more information about Office Communications Server 2007 R2 by accessing our catalog of technical resources, documents, and experts.

Review product information on everything from new features to migration and deployment.

Take advantage of our learning offerings including webcasts, training courses and virtual labs.

Need technical support? Microsoft can answer your questions. Find information about troubleshooting issues or ask an expert.

Try It

Trial Software

Try a fully functional version of Office Communications Server 2007 R2 in your own environment.

Virtual Hard Drive

The Microsoft VHD Test Drive Program provides customers with an enhanced server-based software evaluation experience that’s faster, better supported, and more flexible. You can now access the entire catalog of pre-configured Microsoft and partner products and solutions in the VHD format and start evaluating and testing today.

Unified Communications Hosted Trial

Experience the end-user features of Microsoft’s unified communications technologies without installing any hardware or software. Microsoft’s UC Hosted Trial allows you to sign up for a free five day trial of Office Communications Server 2007 R2 and Exchange Server 2007.

Virtual Labs

Experience Office Communications Server and discover how you can streamline communications for your users, experience the flexibility and control you need to manage your communications infrastructure, and provide an extensible platform for communications-enabled business processes.

Nick.

Photosynth’ing Liam’s School

Sunday, 5 April 2009 15:24 by Nick MacKechnie

Hi All,

I’ve given myself a project of synth’ing Liam’s school (Halswell) for them – It’s a wicked technology from Microsoft Live Labs which has a whole heap of potential uses. So if you’ve got some photos of Halswell School, ping me an email and I’ll happily add them in the collection as I progress...

NB: You can zoom in/out on the photos by using the + and – buttons as well as navigate around using the arrows.

Nick.

PhotoSynth – Very cool!

Friday, 3 April 2009 16:23 by Nick MacKechnie

Hi All,

I've been working a bit with Nigel Parker in our developer evangelist team on some projects and he's always doing cool stuff with our new technologies, so I wanted to see how hard it was for mere mortals to synth photos - It's surprisingly very very easy - I took a few photos of my office at work.. and put this together (or you can view the embedded version below). For more info check out http://photosynth.net/

Nick.

Sierra Wireless C597 USB card (T-Stick) and Windows 7

Thursday, 26 February 2009 10:32 by Nick MacKechnie

Hi All,

For those of you that have (or intend on getting) one of these great devices, the current install files on the t-stick don’t work as expected with Windows 7.

Here’s a work around: -

When you insert the t-stick into a USB port, follow the normal process of installing the drivers. It will fail on recognising a number of components. Move the t-stick to another USB port and then add the drivers manually by looking at the other devices section in the device manager, right clicking on the component, choose the Update driver Software option and point the path to the C:\Program Files\Sierra Wireless\USBMUX Drivers folder. Once this done for each one, it should look something like this.

Then fire up the watcher, and you should be away after clicking on the connect button.

Live Mesh Mobile Now Open To All

Monday, 15 December 2008 09:25 by Nick MacKechnie

The Live Mesh team recently announced that Live Mesh for Mobile is now available for all countries, so everyone can try it out. Since the mobile service initially launched back on October 30th, the team has updated Live Mesh for Mobile to address many of the reported issues that users had submitted. With those issues out of the way, the mobile version was then ready for wider testing. Although anyone can try Live Mesh for Mobile now, it is worth noting that it works better on 3G networks.

If you want to try it out, you had better hurry: there are only a limited number of spots available. To sign up, go here  and add your Windows Mobile device to your Mesh. (That link will provide you a Live ID for adding a WM phone to the Mesh.) If you were already running the Live Mesh for Mobile client on your device, you should see an update notification the next time you log in. 

Nick.

emoze Adds Facebook Messaging to Windows Mobile Phones

Friday, 5 December 2008 10:43 by Nick MacKechnie

Do you wish you could receive your Facebook messages along with your regular email on your Windows Mobile phone? Now you can with the new version of the emoze mobile push email service. With emoze’s free application, you can read, reply, and send messages directly from your phone’s interface without having to open up and browse to the Facebook web site itself. It’s completely integrated with your phone, all that’s required is a data connection.

Once installed, the emoze Mobile Client application communicates with the Emoze Global Service Network (EGSN) to receive the incoming emails and direct them to the inbox on the mobile device.

Emoze can be downloaded from www.emoze.com or downloaded directly onto your Windows Mobile device by navigating to http://emoze.com.

Nick.

Mount SkyDrive As A Virtual Drive In Windows

Tuesday, 2 December 2008 12:26 by Nick MacKechnie

Love the 5GB (soon to be 25GB) of free online storage provided by SkyDrive, but wish you could access it browser-free? That’s the promise of a new application called Gladinet, a desktop software program that delivers web applications and online files to your desktop. With Gladinet installed, online storage sites like SkyDrive and others become available through Windows Explorer, where they exist as a virtual drive.

To use Gladinet, you only need provide your username and password to the program once, then the credentials are stored in a "Safe Card," which can be managed separately from the application itself. When connecting to remote drives, some reports note that Gladinet may take a minute or two to connect to the resource.

In many ways, this program functions as a desktop app for services that don’t provide desktop access. However, with the upcoming Windows Live Photos service (which stores images on SkyDrive), the Windows Live Photo Gallery desktop app integrates seamlessly with the online service, making the need for another desktop app somewhat redundant if you only use SkyDrive for images. But for those who manage all sorts of files on SkyDrive, Gladinet could be a useful tool.

First Look: Live Mesh Client for Mac

Friday, 31 October 2008 10:37 by Nick MacKechnie

Noah Edelstein stopped by and gave Channel 10 a first look at the Mac client for Live Mesh, so now if you've got some electro-diversity in your home ecosphere, you can drag & drop, share & push all your files to your other machines just like the I'm a PC folks. If you're already a Live Mesh user, this will be a familiar look for you, although some of the UI has been tweaked to conform with Mac norms. If you're dying to get your Mesh on your Mac, head over to mesh.com and sign-up, so that you'll be ready to be a part of this limited release once it goes live later today.


Ori Amiga's MeshMobile - Very Cool!

Friday, 31 October 2008 10:34 by Nick MacKechnie
Ori and some other folks from the mesh team decked out his car with a custom display and PC, controlled with touch, voice, a Griffin Powermate and Live Mesh! Because his car is 'on the Mesh', Ori can sync his music automatically, and even send an invite to his mechanic to view his telemetry and diagnostics in real time. With the built in navigation he can even share his location with people through Mesh.

