Free Kemp LoadMaster

Kemp recently released a free version of their virtual LoadMaster (VLM) load balancer solution. It is just like a regular VLM with some restrictions of course. There’s no High Availability support in the free LoadMaster, there’s only web-based support and you cannot update the firmware to a newer version for example. Also the bandwidth is limited to 20Mbit (L7) throughput with 50 transactions (TPS) 2K SSL keys.

However, it does support the nice features such as Global Server load balancing, the Application Firewall Pack and the Edge Security Pack. This makes it a perfect solution for small organizations, for lab environment or for regular test environments. It is possible though to upgrade the free LoadMaster to a regular device, making it also a perfect solution for a Proof-of-Concept. When finished the POC you an easily bring the LoadMaster to production by upgrading the license.

Continue reading Free Kemp LoadMaster

Exchange 2013 Edge Transport server does not install in (DMZ) Domain

Some customers have an Active Directory domain in their DMZ (for management purposes) and the Exchange 2013 Edge Transport server can be a member of this domain as well.

Unfortunately starting with Exchange 2013 CU5 the Edge Transport server won’t install anymore when the server is a member of such a domain. Setup crashes with the following error message:

“Active Directory failed on localhost. This error is not retriable. Additional information: the parameter is incorrect.” And “Active Directory response: 00000057: LdapErr: DSID-0C090D8A, comment: Error in attribute conversion operation, data 0, v2580 —> System.DirectoryServices.Protocols.DirectoryOperationException: The requested attribute does not exist.”

At this moment (up to Exchange 2013 CU7) there’s no other workaround that to remove the Edge Transport server from the domain, install the Edge Transport server role (make sure you got the FQDN of the server correct!) and after installing rejoin the Active Directory domain. This works fine.

I noticed however that upgrading an Exchange 2013 CU6 Edge Transport server that’s domain joined to CU7 doesn’t hit this issue, there was no need to remove it from the domain before upgrading.

Password never expire in Office 365

When creating user accounts and Mailboxes in Office 365 the default Microsoft password policy is applied, which means you have to change your password every 90 days.

While it is a best practice to change your password on a regular basis not every customer is too happy with this. I can think of one exception and that’s a service account, this makes sense to have the password set to never expire.

To change this option for user accounts in Office 365 you have to use the Windows Azure Active Directory PowerShell module to connect to Office 365 using the following commands:

$msolcred = get-credential

connect-msolservice -credential $msolcred

Continue reading Password never expire in Office 365

Database MDB02 is low on log volume space

My Exchange 2013 (CU7) servers are logging warning approx. every hour regarding the free available disk space on the Mailbox database volumes in the

Application and Services | Microsoft | Exchange | Managed Availability | Monitoring crimson channel in the eventlog. The threshold for this is set to 175GB, and especially for lab environment this can be too low.

The following event is logged:

Log Name: Microsoft-Exchange-ManagedAvailability/Monitoring
Source: Microsoft-Exchange-ManagedAvailability
Date: 1/22/2015 12:07:46 PM
Event ID: 4
Task Category: Monitoring
Level: Error
Keywords:
User: SYSTEM
Computer: EXCH01.contoso.com
Description:
Database ‘MDB02′ is low on log volume space. ‘MDB02′ is low on log volume space [F:\]. Current=86,97 GB, Threshold=175,78 GB
Continue reading Database MDB02 is low on log volume space

Lync 2013 Reverse Proxy and F5 iApp using multiple FQDNs

In an earlier blog post I wrote about Using an F5 LTM Load Balancer for Reverse Proxy with Lync 2013. This works fine for the domains that you have entered when configuring the Lync 2013 iApp in the F5.

If you have multiple SIP domains and thus multiple Simple URLs like meet.contoso.com, meet.fabrikam.com and meet.alpineskihouse.com it doesn’t work out-of-the-box and your Lync client will fail using these URL’s.

To get this working you have to manually configure the Lync Revese Proxy iRule in the F5. To do this you first have to disable Strict Updates, otherwise updating the iRule will fail (for security reasons this makes sense).

When Strict Updates is disabled navigate to the proper iRule as shown in the following figure:

image

You’ll notice that the initial FQDN’s are configured here, in our example for lyncweb, meet, dialin and lyncdiscover. To get this working for other URL’s just add the other domains and you’re done (and don’t forget the lyncdiscoverinternal name).

When done, don’t forget to enable Strict Updates again, just in case…

Follow

Get every new post delivered to your Inbox.

Join 26 other followers