New Best Practice for RPC Timeouts in Exchange

Exchange 2010 and 2007 use RPC (Remote Procedure Calls) for all client and RPC proxy calls.  For example, email clients (Outlook, Outlook Anywhere (OA), and ActiveSync) use RPC for MAPI connectivity. 



The default keep-alive time for RPC connections uses the IIS idle connection timeout, which is 15 minutes.  This usually doesn’t cause a problem on local LAN or WAN connections, but routers and switches that are used to connect Internet clients to internal Exchange servers often have more aggressive timeouts.  Typically these network devices have a 5 minute timeout, which causes problems for external clients, particularly Outlook Anywhere, iPhone, and iPad clients.  Symptoms include messages stuck in the Outbox, poor email performance on the remote clients, and high CPU utilization on the Exchange Client Access Servers (CAS).








The new best practice is to adjust the RPC keep alive timeout value on the Client Access Server from 15 minutes to 2 minutes.  Since RPC is a function of Windows, not Exchange, this value is adjusted under the Windows NT registry key.  The value is located here:



HKLM\Software\Policies\Microsoft\Windows NT\RPC\MinimumConnectionTimeout



Normally the MinimumConnectionTimeout DWORD value does not exist, which means RPC uses the default value of 900 seconds (15 minutes).  To adjust it, create or modify the MinimumConnectionTimeout value and set it to decimal 120 (seconds, or 2 minutes).  IIS must be restarted on the CAS for the change to take effect.







The following command will create the appropriate values:



reg add "HKLM\Software\Policies\Microsoft\Windows NT\RPC" /v MinimumConnectionTimeout /t REG_DWORD /d 120



The Outlook and ActiveSync clients honor this new timeout during the connection to the CAS, so both client and server now send a Keep-Alive packet after two minutes of inactivity, effectively maintaining both TCP connections needed.
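The same change as an idempotent PowerShell function that first reports the effective value, then sets it and optionally restarts IIS. This is an added example, not part of the original post; the function name Set-RpcKeepAlive is hypothetical, and it assumes an elevated PowerShell session on the CAS.

```powershell
# Added example (not from the original post). Run elevated on the CAS.
# Set-RpcKeepAlive is a hypothetical helper name.
function Set-RpcKeepAlive {
    [CmdletBinding(SupportsShouldProcess = $true)]
    param(
        [int]$Seconds = 120,      # value recommended in the post
        [switch]$RestartIis       # restart IIS so the change takes effect
    )

    $keyPath   = 'HKLM:\Software\Policies\Microsoft\Windows NT\RPC'
    $valueName = 'MinimumConnectionTimeout'
    $default   = 900              # default cited in the post when the value is absent

    # A missing key or value means RPC falls back to the default.
    $current = $null
    if (Test-Path -Path $keyPath) {
        $item = Get-ItemProperty -Path $keyPath -Name $valueName -ErrorAction SilentlyContinue
        if ($item) { $current = [int]$item.$valueName }
    }
    if ($null -eq $current) {
        Write-Output "$valueName not set; default of $default seconds applies."
    } else {
        Write-Output "$valueName is currently $current seconds."
    }

    if ($current -eq $Seconds) {
        Write-Output 'Already at the desired value; nothing to change.'
        return
    }

    if ($PSCmdlet.ShouldProcess($keyPath, "Set $valueName to $Seconds")) {
        # Create the policy key only if it is missing, then write the DWORD.
        if (-not (Test-Path -Path $keyPath)) {
            New-Item -Path $keyPath -Force | Out-Null
        }
        New-ItemProperty -Path $keyPath -Name $valueName -PropertyType DWord `
            -Value $Seconds -Force | Out-Null

        if ($RestartIis) {
            & iisreset.exe /noforce
        } else {
            Write-Warning 'Restart IIS on this CAS for the new timeout to take effect.'
        }
    }
}

# Preview the change first, then apply it:
Set-RpcKeepAlive -WhatIf
# Set-RpcKeepAlive -RestartIis
```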



A colleague of mine works for a large global company that was affected by this.  They have several thousand iPads connecting to nine load balanced CAS servers and all the CAS were peaking at 100% CPU utilization.  Once they implemented this change the average load on the CAS is now 20-30% and the iPad performance is much improved.



This is my new best practice and I make this change on every Exchange CAS deployment.  For more information about RPC over HTTP see Configuring Computers for RPC over HTTP on TechNet.

Windows Surface Tablet vs iPad 3 Comparison



On Monday Microsoft announced the new Microsoft Surface tablets to the world.



There are a number of good articles covering the details and speculation about the price and specifics.  I put together the table below to compare the Microsoft Surface specs to the Apple iPad 3.




Windows Surface vs. Apple iPad 3

The pricing estimates above are based on Microsoft’s statement that the Windows RT version of Surface would cost about the same as comparable slates. Surface Pro would be priced similar to comparable competitive Ultrabook PCs.

|  | Microsoft Surface | Microsoft Surface Pro | Apple iPad 3 |
| OS | Windows RT | Windows 8 Pro | iOS 5.1.1 |
| Light ¹ | 676 g | 903 g | 652 g (Wi-Fi) & 662 g (Wi-Fi/3G) |
| Thin ² | 9.3 mm | 13.5 mm | 9.4 mm |
| Processor | nVidia Tegra ARM ? | Intel Core-i5 ? | Dual-core Apple A5X with integrated quad-core graphics |
| Clear | 10.6” ClearType HD Display with Gorilla Glass | 10.6” ClearType Full HD Display with Gorilla Glass | 9.7″ Retina LED-backlit glossy widescreen Multi-Touch |
| Resolution | ≥1280×720 ? | ≥1920×1080 ? | 2048×1536-pixel resolution at 264 pixels per inch (ppi) |
| Energized | 31.5 W-h | 42 W-h | 42.5 W-h |
| Connected | microSD, USB 2.0, Micro HD Video, 2×2 MIMO antennae | microSDXC, USB 3.0, Mini DisplayPort Video, 2×2 MIMO antennae | 30-pin dock connector port, Bluetooth 4.0, PiFA integrated antenna |
| Productive | Office Home & Student 2013 RT, Touch Cover, Type Cover | Touch Cover, Type Cover, Pen with Palm Block | Smart cover, 3rd party keyboards |
| Practical | VaporMg Case & Stand | VaporMg Case & Stand | n/a |
| Configurable | 32 GB, 64 GB | 64 GB, 128 GB | 16 GB, 32 GB, 64 GB |
| Cost | ~$600-$700 (estimate) ³ | ~$1000-$1100 (estimate) ³ | $499-$599-$699 (Wi-Fi only) & $629-$729-$829 (Wi-Fi/3G) |

An Introduction to Windows 8 To Go


I just returned from Microsoft TechEd North America in Orlando.  I spent most of my sessions following Windows Server 2012 and a few on Windows 8.  One of the coolest Windows 8 features to be covered was Windows 8 To Go.  In this article I’d like to cover some of the interesting aspects of Windows To Go.



Windows To Go allows enterprise administrators to provide a completely managed Windows 8 experience to their users along with all their business line apps from a USB drive.  This provides a truly portable full fidelity desktop experience for their users since they can boot to it and run it from multiple computers.



Administrators create Windows To Go images and configure the USB drives using standard ImageX tools.  Users simply plug the Windows To Go USB drive into a PC or laptop and boot to that drive.  This typically can be done by pressing an F1-12 key during boot.  Users can save their documents and settings to that Windows To Go drive and/or sync them using their Windows Sky Drive.



Windows To Go desktops are managed using general and Windows To Go specific Group Policy Objects.  These GPOs are applied directly to the image and over the Internet.  For example, GPOs can be configured to allow or disallow access to local resources, such as the local C: drive of the computer used for Windows To Go.  The default setting is to disallow access to local drives.








Windows To Go drives can be protected using BitLocker.  A pre-boot password must be entered on BitLocker protected drives since there is no TPM chip on the USB drive.  Manufacturers may provide built-in biometric scanning or keypads on WTG USB drives in the future.



If the WTG USB disk is removed from the computer, the USB stack detects it and freezes the desktop for up to 60 seconds.  If the USB stick is reinserted within that time, Windows will automatically resume.  If the drive is not reinserted the desktop will power down the system.  This prevents accidental disclosure of business information.



Here are some other facts and requirements of Windows To Go:

  • Only USB drives that are optimised for Windows To Go will work.
  • WTG drives are at least 32GB and high-speed USB 3.0.
  • Currently there are only two manufacturers with optimised WTG drives: Kingston and Super Talent.  More will follow.
  • Interestingly, USB 3.0 ports are not required for either the imaging computer or the host computer.  USB 2.0 is required.
  • First boot on a new computer will take a few more seconds as drivers are installed.  Subsequent boots from the same computer only take seconds.
  • Drivers that are not included in the WTG image will be downloaded from Windows Update.
  • Supported host computers that can run WTG are x64 computers with the Windows Vista or Windows 7 logo.
  • While not supported by Microsoft, it may be possible to boot Windows To Go from a Mac.  You may (probably will) run into driver issues.  If so, you’re on your own.
  • Adding Direct Access to WTG images provides transparent access to the corporate network.
  • Hibernation is not possible in Windows To Go instances.

Licensing

Windows To Go requires Windows 8 Enterprise with Software Assurance.  It is not available with any other SKU.  At the time of this writing, Windows 8 Release Preview is not Enterprise Edition, so Windows To Go is not available for testing (even if you could get a hold of an optimized for Windows To Go drive).



Your enterprise’s Windows 8 Enterprise client access license (CAL) allows your users to run Windows To Go on any PC outside the corporate network (i.e., home, the library, mom’s house, etc.).  Any user who runs WTG within the corporate network requires an additional Companion Device license, at extra cost.

 

Discount Tickets to Universal Studios Orlando for TechEd Attendees




As reported on the TechEd Blog, Universal Studios is offering special reduced pricing to Universal Studios Theme Park in Orlando exclusively to TechEd attendees.  These specially discounted tickets are $25 and are available on certain days: June 10th, 15th, 16th and 17th.



I’ve followed up on this with both Universal and Brandy Pepper, Sr. Marketing Manager – TechEd Team.  Here are the details:

  • Attendees buy their tickets at the Universal box office.
  • The tickets are $25 each and valid only for attendees with TechEd badges*.
  • If you call the Universal Studios Orlando box office, they may not know about this special pricing.  Don’t worry, box office staff will be informed on days when the tickets are available.
  • If you have questions or need information prior to going to the park to purchase the ticket, send an email to v-brpepp@microsoft.com.

* Special offer valid for entry into Universal Studios Florida during the dates noted above only. Offer not valid for entry to Islands of Adventure. Each attendee must present a valid conference badge for eligibility.


You can also enjoy Universal CityWalk for June 11-14!


At night, enjoy unlimited club-to-club access and incredible music and entertainment at Universal CityWalk.  TechEd attendees will receive COMPLIMENTARY* admission to select CityWalk venues.  Includes Red Coconut Club, Bob Marley – A Tribute to Freedom, Pat O’Brien’s, CityWalk’s Rising Star and the groove.

* Complimentary admission valid Monday, June 11 through Thursday, June 14, 2012.  Present your TechEd conference badge at any Guest Services ticket window at CityWalk to receive your complimentary credentials.  Valid photo identification required.

Get to know the Test-Message cmdlet

Exchange 2010 includes a little-known cmdlet called Test-Message.  This cmdlet is used to troubleshoot the impact of Inbox rules on a message and gather detailed information about how rules are processing it.  It’s also useful for testing the flow of moderated messages and for seeing the effects of large distribution group expansion without actually sending a message.



The RTM version of Test-Message is documented at http://technet.microsoft.com/en-us/library/dd298101(EXCHG.140).aspx, but a couple of additional parameters were added in Exchange 2010 SP1 that are not listed there.  The purpose of this article is to show you how to configure the cmdlet and give examples of its use.



To use the Test-Message cmdlet, you must add a user account or security group to the “Support Diagnostics” RBAC role in Exchange 2010.  You do this from the Exchange Management Shell by running the following command:



New-ManagementRoleAssignment -Role "Support Diagnostics" -SecurityGroup "Organization Management"



The command above adds the Exchange 2010 Organization Management group to the Support Diagnostics RBAC role.  If you want to add the role to an individual user, use the following command:



New-ManagementRoleAssignment -Role "Support Diagnostics" -User Jeff



Note that the added user must close and restart EMS to see the new cmdlet, since access to cmdlets is granted by RBAC when EMS is started.  You can find out which users have the Support Diagnostics role assigned to them by running the following command:



Get-ManagementRoleAssignment -Role "Support Diagnostics"
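Because the role can be held through a group, the command above does not by itself list every account that can run Test-Message. The following added example (not part of the original post) expands group membership with -GetEffectiveUsers and previews removal of direct user assignments; it assumes the Exchange Management Shell and, as labelled in the comments, that direct user assignments were one-off troubleshooting grants.

```powershell
# Added example (not from the original post). Run in the Exchange Management Shell.
$role = 'Support Diagnostics'

# Expand groups so the report shows each account that effectively holds the role.
# Group assignments also return an 'All Group Members' summary row; skip it.
$effective = Get-ManagementRoleAssignment -Role $role -GetEffectiveUsers |
    Where-Object { $_.EffectiveUserName -ne 'All Group Members' }

# Who holds the role, and through which assignment.
$effective |
    Sort-Object EffectiveUserName |
    Format-Table EffectiveUserName, RoleAssigneeName, AssignmentMethod, Name -AutoSize

# Assumption: assignments made directly to a user were temporary grants
# for a troubleshooting session and should be reviewed afterwards.
$direct = $effective | Where-Object {
    $_.AssignmentMethod -eq 'Direct' -and $_.RoleAssigneeType -eq 'User'
}

foreach ($assignment in $direct) {
    # -WhatIf only shows what would be removed; drop it to revoke the grant.
    Remove-ManagementRoleAssignment -Identity $assignment.Name -WhatIf
}
```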



Now that we have the access to the Test-Message cmdlet through RBAC, let’s see what we can do with it.  The examples below use the Exchange 2010 SP1 version of the cmdlet, which includes two additional non-documented parameters, -Arbitration (optional) and -InboxRules (required).



The simplest test would be:



Test-Message -Sender amy@contoso.com -Recipients jason@contoso.com -InboxRules:$false -SendReportTo jeff@contoso.com



This test will send a system generated message from Amy’s mailbox to Jason’s mailbox, bypassing Jason’s Inbox rules, and then send the resulting report to Jeff’s mailbox.  The report looks like this:






Here we can see that the message originated from Amy’s Inbox and that it evaluated Jeff’s Inbox rules.  The report also displays the SCL Junk Threshold and tells you the target folder for the message after the rules have run.  This is an easy way to troubleshoot messages that are deleted or delivered to a folder other than the Inbox.



It’s important to note that the Sender parameter can be any SMTP email address, even an external address.  This is useful for testing various rule behaviors.



Note that the message also includes two attachments: mailbox-rules.xml and automatic-reply-history.xml.  Mailbox-rules.xml contains an export of all the rules for the target mailbox.  This can be used to back up the Inbox rule set and/or export it to another user’s mailbox.  Automatic-reply-history.xml lists all the recipients where an OOF message fired.



By default, Test-Message adds the header X-MS-Exchange-Organization-Test-Message: Supress to the message (and yes, “Supress” is misspelled that way).  This header causes Exchange to delete the message before it is delivered to the recipient mailbox.  If you want the message to be delivered to the recipient, add the -DeliverMessage parameter.  An Exchange Diagnostic Message will then be delivered with the text, “This message was generated by an Exchange administrator. You can ignore this message, unless your administrator has requested otherwise.”



See Tom Kern’s article, Test-Message Improvements in Exchange 2010 Sp1 for even more info on the Test-Message cmdlet.

The TechEd 2012 Bags (yes, plural)




This year Microsoft is giving you a selection of TechEd bags to choose from.



These bags are made by LooptWorks, an eco-friendly company that makes menswear, womenswear, and other gear out of scrap materials and overruns from other manufacturers.  It’s a completely different way of recycling called “upcycling”.  Perhaps they’re even made out of old undrinkable TechEd 2009 water bottles.  You can read more details about the materials used in these bags in the TechEd blog post, Upcycled Materials used in the Making of the TechEd 2012 Bag.



According to LooptWorks, each backpack conserves 33.6 gallons of water and averts 71% of carbon emissions.  Bravo to the TechEd team for using such an innovative manufacturer!



Thanks to my good friend, Scott Ladewig for the link to the photo.

Win8: How to Create Keyboard Shortcuts For Your Apps

Now that the Windows 8 Release Preview is out, I’ve decided to create a bootable VHD of Win8 to kick the tires and get totally familiar with the new interface.  This morning I started installing some of my most commonly used applications.  I configure keyboard shortcuts for most of these applications, as well as some of the built-in Windows apps like Notepad, Command Prompt, and PowerShell.



Windows 8 no longer has a Start menu, so you need to configure the application shortcuts from Windows Explorer.  Here’s how to do that:



  • Press the Windows + E key to bring up Windows Explorer on the Windows Desktop.
  • Navigate to %ALLUSERSPROFILE%\Microsoft\Windows\Start Menu\Programs.  Here you will find the shortcuts to most of the applications that you install.




  • Now locate the shortcut you want to configure, right-click it, and select Properties to configure the keyboard shortcut.  Depending on your UAC settings, you may need to provide administrator permission to change these settings.




Note: Some Windows built-in applications are stored in other locations.  Here are the common locations for those apps:

  • Notepad: %APPDATA%\Microsoft\Windows\Start Menu\Programs\Accessories
  • Command Prompt: %LOCALAPPDATA%\Microsoft\Windows\WinX\Group3