Category Archives: Computers and Internet

Outlook 2013: Something unexpected went wrong with this URL–Class not registered


 

If you get this error when you click on links in Outlook emails, you would be wondering what’s this error is all about.

image

There is nothing to it. Internet Explorer (or your favorite browser) is not correctly set as default browser for the HTTP/HTTPS links.

Solution: Make IE (or Firefox or Chrome) as default browser on your computer at Control Panel / Default Programs console. This error will go away after you set your favorite browser as default.

Try making Firefox or Chrome as default browser using built-in methods in the browser.  For example, in Firefox the settings are at Options as below.

image

PowerShell 3.0: How to get Office 365 Service Health alerts in email? (from RSS feed)


Microsoft has awesome Office 365 Admin app on iPhone, Android and Windows phones. But I came across some old school IT guys wants to see Office 365 cloud service alerts in emails. So I wrote a PowerShell script with Invoke-RestMethod cmdlet. Feel free to reuse this script to your needs.

Before you start using this script, you need two things. Office 365 Service Health RSS URI for your organization and a SMTP server to send emails out.

To get the Office 365 Service Health RSS URI:

1. You need to log in to Office 365 with administrator account.
2. Expand and Go to Service Health/Service Health Page.
3. click on RSS icon on top right (see picture below).

 

O365ServiceHealth O365ServiceHealth1

 

4. Copy the whole RSS address URI from the Address bar, and keep it in a notepad

 

O365ServiceHealthURI

Now here is my script. Copy and paste the RSS URI into the script to replace Value for the variable $URI. Change the From/To/SMTP server address in the script. Save the script and schedule it to run every day (or hour, etc.,).

Your download this script from here: Office365Monitor.ps1

<#
Function: Send-Email
Parameters: FromAddress,ToAddress, Subject, Body,
Attachment (array of files)
Purpose: Send email to specified email address
with given subject, body and attachments

Written by: Anand, the awesome, Venkatachalapathy
#>
Function Send-Email()
{
Param (
$fromaddress = “donotreply@company.com”,
$toaddress = “AwesomeAnand@company.com”,

$Subject = “Action Required”,
$body,
$HTMLBody = $false,
$attachment = @(),
$smtpserver = “screeming-smtp.company.com”
)

$message = new-object System.Net.Mail.MailMessage
$message.From = $fromaddress

if ($toaddress.Length -gt 0)
{ $message.To.Add($toaddress) }

$message.IsBodyHtml = $HTMLBody
$message.Subject = $Subject

$attachment.foreach( {
$attach = new-object Net.Mail.Attachment($_)
$message.Attachments.Add($attach)
} )

$message.body = $body
$smtp = new-object Net.Mail.SmtpClient($smtpserver)
$smtp.Send($message)
}
# End of Send-Email Funcation

<#
* * * * The Script Starts here * * * *
Script: Office365Monitor.ps1
Purpose: Get Office 365 Service health alerts in
email (from RSS feed)

Usage: Find out your RSS alert URI by
1. logging in to your Office 365 portal
as administrator,
2. go to “Service Health”section,
3. click on RSS icon on top right,
4. Copy and paste the address (URI) to
this script below for value for $URL variable

Don’t forget to change the from/to/smtp server
addresses in this script.

Written by: Anand, the Awesome, Venkatachalapathy
Written Date: Jan 2015
#>

#URI from Office 365 service health RSS section
$URI = “http://rss.servicehealth.microsoftonline.com/feed/en-US/..”

#Get the REST representation resource from Office 365 RSS URI
$O365Status = Invoke-RestMethod -Uri $URI

$Alerts = “”

#Collect all degraded service information
foreach($Status in $O365Status)
{

if ($Status.Description -like ‘*degradation*’)
{

$Alerts += $Status.pubDate + “`n” + $Status.title + “`n” + `
$Status.description + “`n” + $Status.link + “`n`n”

}
}

#send email
if ( $ExchAlerts.Length -gt 10)
{
Send-Email -fromaddress “Office365ServiceMonitor@company.com” `
-toaddress “awesomeanand@gmail.com” `
-Subject “Office 365 Service is degraded” `
-body $Alerts -HTMLBody:$true `
-smtpserver “ScreemingSMTP.company.com”
}

<#
* * * * The Script Ends Here * * * *
#>

Exchange 2010/2013: Database Context Index Status Failed


According to this KB article KB2807668, Exchange 2013 database content index fails due to missing AD Group named ContextSubmitters. The KB says,

This issue may occur if the search platform tries to check its membership in a security group that is named “ContentSubmitters.” This group is not created by the search platform or by Exchange Server 2013 and is therefore not usually present. Although the check usually fails silently, without any consequences, an exception sometimes occurs. This causes the search component to fail.

The solution from the KB is

To resolve the issue, do the following:

  1. Create a new Active Directory group that is named “ContentSubmitters” and then grant Admistrators and NetworkService full access to the group. This is a dummy group and should be used as a placeholder only. You might want to add a description so that the group is not removed.
  2. Force or wait for Active Directory replication.
  3. Restart the following services:
    • Microsoft Exchange Search
    • Microsoft Exchange Search Host Controller

Now if it is not the issue, you can fix the content index status by updating database copy, using following command on only on failed databases on Exchange Shell.

Get-MailboxDatabaseCopyStatus * | where {$_.ContentIndexState -eq "Failed"} | Update-MailboxDatabaseCopy -CatalogOnly

Enjoy!

PowerShell: Find a user or group is member of local Administrators group of a Remote computer


I wrote this script to scan all computers and find if specific Group is member of local administrators group or not. In a day, I found this specific group has local admin access to which computers.

You may modify or use as it is of the following PowerShell script if you need to find the local administrators group membership of a user or group.

<#
    PowerShell Ver 3 or above

    Script: Verify-LocalAdminMembership
    Parameter 1: Computer Name or IP Address
    Parameter 2: Which User or Group to check member of the local Administrators in give computer (param 1)

    Description: This script checks the given user or group is member of local administrators group of the
    given computer or not.

    Written by: Anand, the awesome, Venkatachalapathy

#>

Param ($CompName,$TargetObject)

<#
    Function: IsAdministrator
    Parameter: Computer name of IP Address
    Description: This function checks the membership of local administrators group. If the given
    $targetobject is member of local administrators group, it return True.
#>
function IsAdministrator($hostname)
{
    $objGroup = [ADSI](“WinNT://$hostname/Administrators”)
    $members = @($objGroup.psbase.Invoke(“Members”))

    $IsAdmin = $false
    $members | foreach { $member = $_.GetType().InvokeMember(“Name”, ‘GetProperty’, $null, $_, $null); if ($member.Equals($TargetObject)) { $IsAdmin = $true } }
   
    Return $IsAdmin
}

<#
    —- The Script Starts Here —-
#>
$ReturnValue = IsAdministrator -hostname $CompName

If ($ReturnValue)
{
    if (($CompName.ToCharArray() | Where-Object {$_ -eq ‘.’} | Measure-Object).Count -eq 3)
    {
        # $CompName contains a IP address, find the hostname from DNS
        $NameOftheHost = ([System.Net.Dns]::GetHostbyAddress(“$CompName”)).Hostname
    }
    else
    {
        $NameOftheHost = $CompName
    }
   
    “$NameOftheHost contains $member in local administrators group”
}

Exchange: How come disabled user is still sync emails (on a phone)?


There was an issue raised a terminated user is still sending and receiving emails from his/her phone. We checked the user account was disabled (for sure). How the heck the user still sending emails to us?

Quick search points to this KB: EAS devices still sync after an account is disabled or a password is changed

That is not right!  The solution described as

Any of the following methods will force the device to reconnect on a new connection.

Reset IIS

  1. On the Client Access Server(s) that the device connects to, click Start, click Run and type CMD and then press ENTER.
  2. Type iisreset and press ENTER.

This will restart IIS services.  You can also use the Services.msc snap-in to manually Restart the IIS Admin service.

Recycle the Application Pool used by ActiveSync

  1. Click Start, click Administrative Tools, click Internet Information Services (IIS) Manager.
  2. Expand the server name.
  3. Click Application Pools.
  4. Right click the MSExchangeSyncAppPool and click Recycle.

We can’t do this every time an employee leaves the company (contractors and consultants more frequently). This is destructive change for disabling for every leaving employee.

This blogger had some ideas: http://mellositmusings.com/2012/05/19/how-to-quickly-disable-account-access-in-ad-and-exchange-2010/

But still it’s not enough. I needed more complete solution without the destructive part. I found such a solution in Technet Blogs.

The following Microsoft Technet Blogs covers the issue and solution. Either you do one-off basis for a disgruntled employee or add it to your termination process for every employee, you can do the following.

BUT, it will still take about 10 to 15 minutes. I would add Active Directory Replication to sync all DCs with this command: Repadmin /SyncAll /AeP from where you disabled the user account and Exchange server resides.

1. Disable Active Sync devices (all of them) for the user

Note down all device IDs from this command output:
Get-CASMailbox <user> | Select ActiveSyncAllowedDeviceIDs, ActiveSyncBlockedDeviceIDs

Disable all ActiveSync Devices:
Set-CASMailbox -Identity <user> -ActiveSyncBlockedDeviceIDs “<DeviceID_1>,<DeviceID_2>”

2. Disable OWA/ActiveSync and Mapi on the account

Disable Web Services:

Set-CASMailbox -Identity <user> -OwaEnabled $false
Set-CASMailbox -Identity <user> -EwsEnabled $false
Set-CASMailbox -Identity <user> -EwsEnabled $false
Set-CASMailbox -Identity <user> -EcpEnabled $false

Disable MAPI:

Set-CASMailbox -Identity <user> -MapiEnabled $false
Set-CASMailbox -Identity <user> -MapiBlockOutlookRpcHttp $true
Set-CASMailbox -Identity <user> -EwsAllowMacOutlook $false
Set-CASMailbox -Identity <user> -EwsAllowOutlook $false

3. Set the Recipients Limits to 0
Set-Mailbox -Identity <user> -RecipientLimits 0

4. Disable the Mailbox and User Account

Here are the blogs for the source of above info:

Part I : Disabled Accounts and ActiveSync Devices Continuing to Sync

Part II: Disabled Accounts and Users Still Being Able to Access via Outlook & OWA

Exchange: Hide Distribution Group Members


Other day I have been asked to find out if we can hide DL Members. So Users can see the DL in Address Book, but can’t see the members. I found it’s very easy to do. (Microsoft Exchange Rocks!!!)

Here is how you do it.

  1. Open Active Directory Users and Computers console.
  2. Click View Menu and select Advanced Features (to enable it)
  3. Find your Distribution List or Security Group (mail enabled) in the OU
    1. DO NOT search your group. Because if you open the DL/Group properties from search windows, it will NOT show the Attribute Editor which is the advanced feature)
  4. Double click to open the DL/Group to see the properties. Go to Attribute Editor tab.
  5. Find hideDLMembership attribute, double click to open and select True. Click OK twice to close the dialog boxes.

image

It takes a while to take effect the changes while Exchange generates Offline Address Book and Outlook get it. If you want to make the offline address book process faster, follow my blog post here.

In Outlook, DL properties shows like this with hidden members.

image

If we check the DL in OWA, it shows like this:

image

Hope it helped you. Leave me a reply.