Thursday, July 11, 2013

Changing and managing your Office 2010 product keys

Quick version of how to change your Office 2010 key

Via control panel, go to install / remove a program (this called different things in different versions of Windows, but if you have a Technet or MSDN subscription I would pretty much hope you know where this is).

Find the entry for Office 2010 and choose to change the installation (not remove). The very first screen of the install wizard gives you a bunch of options, simply choose the one to enter a product key as shown below:

Office 2010 change installation wizard

Note when you enter your 25 digit product key, you don't have to worry about CAPS or putting the hyphens in, that gets taken care of for you (just as with previous versions of Office). Also notice that when you put the last character in you get a message saying "Please wait while your key is validated" and the "Continue" button is greyed out and inactive (as seen below).

Office 2010 product key validation

Assuming your key is valid the message disappears and the button is activated so you can carry on. This is much clearer than the previous method for Office 2007 where the last character simply did not appear on screen while it was validating, there was just a mysterious wait and then the character appeared along with a green tick (or not, if it was invalid).

During a normal installation you then go through the various options, but if you are just changing the key that's all you need to do. Incidentally when you do install Office 2010 if you need to keep your previous version (and have a valid licence to do so, ie your Office 2010 is not an upgrade licence which effectively replaces your previous copy).

Using a VB script to change your product key

In the KB article it also lists an alternative method to change your product key using the Office 2010 Client Software License Management Tool – a VBS file which is already on your machine as part of the original install, for which there is an accompanying html file with usage instructions and notes. If you have the 32 bit version on a 64 bit platform the file you need to look at would be here:

%ProgramFiles(x86)%\Microsoft Office\Office14\  (note the usual inclusion of "(x86)" here)

Otherwise: %ProgramFiles%\Microsoft Office\Office14\

The files to look for in here are OSPP.HTM (found easily using windows search, especially on Vista or Windows 7 straight from the Start menu) and OSPP.VBS (as far as I know that stands for Office Software Protection Platform).

So, the simple usage for switching to a new product key and then re-activating your copy of Office is as described in the KB article (the only differences here being the (x86) in the path in the latter two commands):

If you are using the x86 version of Office Professional Plus 2010 on an x64 version of Windows operating system, follow these steps:

  1. At the command prompt, run the following command:
    cscript "%ProgramFiles(x86)%\Microsoft Office\Office14\ospp.vbs" /inpkey:<Product_Key>
    Note: <Product_Key> represents the product key that you want to install.
  2. Run the following command:
    cscript "%ProgramFiles(x86)%\Microsoft Office\Office14\ospp.vbs" /act

In other situations, follow these steps:

  1. At the command prompt, run the following command:
    cscript "%ProgramFiles%\Microsoft Office\Office14\ospp.vbs" /inpkey:<Product_Key>
  2. Run the following command:
    cscript "%ProgramFiles%\Microsoft Office\Office14\ospp.vbs" /act

Finding out which key is installed already

Another useful switch you can use is /dstatus which will report which edition is currently installed and licensed and the last 5 characters of the product key. This can be useful if you are having activation problems and need to make sure you have not used the same key twice on different machines in error, or if you are trying to maintain records and have your huge list of licence codes from various purchases and want to know which ones are used where (and perhaps which are not yet used at all). Of course, for large businesses you should be looking at volume licensing and simplifying this a lot, but many medium sized businesses may not be in a position to do that, yet need to control their spending and show they have good records of their software in use.

Notice that you can use the ospp.vbs script to target another machine on the network as well, so you could get licence keys for the Office 2010 installs on all computers by name, and use it to swap the keys on them or get them to reactivate remotely, for example to check the key in use on SomeComputer:

cscript "%ProgramFiles%\Microsoft Office\Office14\ospp.vbs" /dstatus SomeComputer

Why else would I need to change a key?

Maybe you installed Office 2010 on more than one computer and then realised you had accidentally put the same key into more than one machine (which would prevent activation from working properly), and you now need to put the right code in. Of course, you might also need to change the product key to stay properly within the terms of the Technet licence since that only allows you to evaluate the product, not use it long term to actually run your business. You can either buy a regular licence to get a code, or if you bought and installed Office 2007 between March 5th and September 30th 2010 you can go to the Office Technology Guarantee site and get a product key for an equivalent version of Office 2010. Note you can only get a free upgrade for 25 Office products which should only matter at all to small businesses not already buying into volume licensing with software assurance, and even then it's still something for nothing.

What about upgrading from different editions of the suites?

Since there is no "Ultimate" edition of Office 2010, upgrades from Office 2007 Ultimate will be to Office 2010 Professional. In all other cases the version you get is the same or a small step up from the 2007 version – most Office 2010 suites now include OneNote for example, so this will be an additional program for free. If you have 2007 programs not included in 2010, the short answer is to make sure you don't uninstall them when you install Office 2010.


---------------------------------------------------------------------------------------------------------------------------------------------


Other Methods to Change the Office 2010 Product Key


ssue: You go to activate Microsoft Office 2010 and you receive a message stating, "Your copy of Microsoft Office Professional Plus 2010 cannot be activated because the specified Product Key has already been activated the maximum number of times permitted for your software license as specified in the Microsoft Software License Terms."

 



 

The solution is to change the product key to another product key. I will show you three different methods of changing the License Key

Method 1

Open "regedit"


Navigate the registry to: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\14.0\Registration\ and delete the whole "Registration" key located under the "14.0″ key

Right click "Registration"

Select "Delete"


Press "Yes"


 

Close Regedit, Restart an Office 2010 application. You should be prompted to reenter your License Key

 

Method 2

Open to Microsoft Word

Press "File"

Press "Help"

Select "Change Product Key" (this option was not here on my installation, I used Method 1)


 

Method 3

Click on Start Menu > Control Panel > Programs and Features (or Add/Remove Programs, depending on your operating system).

Click on your product, e.g. Microsoft Office Professional Plus 2010

Click "Change" on the top menu.

 


 

Select the option to "Enter a Product Key."

Press "Continue"


 

Changing your Product Key

Once you complete one of the Methods listed above you should be able to change your Product Key

Enter the appropriate product key from the top of this page and click "Continue."

 


Accept the agreement

Press "Continue"


Configuration will occur


Press "Close"


Select "I want to activate the software over the Internet (recommended)"

Press "Next"


Your product should activate successfully

Press "Close"


 

Monday, June 24, 2013

VSS-based backup

Volume Shadow Copy Service (VSS) is a Windows service for capturing and creating snapshots called shadow copies.  VSS, which operates at the block level of the file system, provides a backup infrastructure for Microsoft operating systems. 

Windows VSS has three major components in addition to the service -- writer, requester and provider. The service sits logically in the center of the other components and handles communication between them.

VSS writer -  Each VSS-aware application installs its own VSS writer to a computer during the initial installation. 

VSS requestor
 -  Any application that needs to quiesce data for capture can play the role of VSS requestor.

VSS provider
 - The provider creates and manage the shadow copies of data on the system. 
 

Here's how VSS works:  The VSS requestor announces that it needs to create a server snapshot. Prior to creating that snapshot, it queries the server to determine which VSS writers have been installed. (It needs this list so it can later instruct each writer to quiesce its associated application).  Then, the VSS requestor instructs each VSS writer to accomplish whichever task is needed for data quiescence. After each VSS writer reports that it has completed pre-backup tasks, the VSS requestor instructs the VSS provider to create a snapshot. The provider tells the requestor where to go to locate the data it needs and the backup begins. When the VM backup is complete, the VSS requestor announces that it has completed its activities. This announcement instructs each VSS writer to perform any post-backup tasks necessary so the computer and its applications can return to regular operation.


http://searchdatabackup.techtarget.com/definition/VSS-based-backup

Description of Full, Incremental, and Differential Backups

Full Backup (or Reference Backup)

When you set the Backup Type setting to Full, all the files and folders on the drive are backed up every time you use that file set. To set the backup type, click Options on the Settings menu, and then click the Backup tab. 

Example:
  1. In Backup, click the drives, files, or folders to back up, and then click Next Step.
  2. Click the destination (where you want the files backed up to).
  3. On the Settings menu, click Options, click the Backup tab, click "Full: backup of all selected files," and then click OK.
  4. On the File menu, click Save As and name your backup set. Once saved, click Start Backup.
  5. Provide a name for the selected drive, files, or folders in the Backup Set Label dialog box, and then click OK.
Advantages:
  • All files from the selected drives and folders are backed up to one backup set.
  • In the event you need to restore files, they are easily restored from the single backup set.
Disadvantages:
  • A full backup is more time consuming than other backup options.
  • Full backups require more disk, tape, or network drive space.

Incremental Backup

An incremental backup provides a backup of files that have changed or are new since the last incremental backup. To start the process, a file set with the incremental option selected is used to perform a backup. You can select the backup type by clicking Options on the Settings menu, and then clicking the Backup tab. 

For the first incremental backup, all files in the file set are backed up (just as in a full backup). If you use the same file set to perform a incremental backup later, only the files that have changed are backed up. If you use the same file set for a third backup, only the files that have changed since the second backup are backed up, and so on. 

In Backup, you can select files and/or folders to be backed up. If you select a folder, all the files and folders within that folder are selected. In an incremental backup, if you select a folder, files that are added to the folder are included during the next backup. If you select specific files, files that are added to the folder are not included during the next backup. 

Example:
Monday - Perform the first incremental backup of selected files and/or           folders using a file set with the Incremental option enabled.    Tuesday - Perform another backup with the backup file set you created            Monday. Only files that have changed since Monday's backup are            backed up.    Wednesday - Perform another backup with the backup file set you created              Monday. Only files that have changed since Tuesday's              incremental backup are backed up.  				
To reset a file set so that the next backup backs up all files, and not just files that are new or have changed, follow these steps:
  1. On the File menu, click Open File Set. Click the file set you want to use, and then click Open. Click Next Step.
  2. Click the destination (where you want the files backed up to).
  3. On the Settings menu, click Options, click the Backup tab, click "Full: backup of all selected files," and then click OK.
  4. On the File menu, click Save to save your backup set.
  5. Repeat steps 1 and 2.
  6. On the Settings menu, click Options, click the Backup tab, click "Incremental: backup of selected files that have changed since the last full backup," and then click OK.
Advantages:
  • Backup time is faster than full backups.
  • Incremental backups require less disk, tape, or network drive space.
  • You can keep several versions of the same files on different backup sets.
Disadvantages:
  • In order to restore all the files, you must have all of the incremental backups available.
  • It may take longer to restore a specific file since you must search more than one backup set to find the latest version of a file.

Differential Backup (Not Supported in Backup)

A differential backup provides a backup of files that have changed since a full backup was performed. A differential backup typically saves only the files that are different or new since the last full backup, but this can vary in different backup programs. Together, a full backup and a differential backup include all the files on your computer, changed and unchanged. 

Example:
Monday - Perform a full backup and save the file set.    Tuesday - Perform a differential backup using the same file set. All files            that have changed since the full backup are backed up in the            differential backup.    Wednesday - Perform a differential backup using the same file set. All the              files that have changed since Monday's full backup are backed              up.  				
Advantages:
  • Differential backups require even less disk, tape, or network drive space than incremental backups.
  • Backup time is faster than full or incremental backups.
Disadvantages:
  • Restoring all your files may take considerably longer since you may have to restore both the last differential and full backup.
  • Restoring an individual file may take longer since you have to locate the file on either the differential or full backup.

Wednesday, June 19, 2013

Exchange Server 2013 Load Balancing Indepth

What are the options available to load balance Exchange 2013 traffic?

I am sure all of you have come across the statement that Exchange 2013 only needs Layer 4 load balancer and in fact Microsoft marketing heavily uses it to convey the message that it will reduce the cost of implementing an Exchange 2013 infrastructure. What if you already have a Layer 7 load balancer which is currently serving 2010 CAS? Let's take a look as to how Exchange 2013 gets away without the need for affinity.

The use of layer 4 load balancing in Exchange 2013 assumes that all CAS servers have the same SSL certificate (whether it is from an internal or 3rd party CA). When I say the same certificate, it should absolutely be the same certificate, not different certs issued by the same CA which covers the same urls. One scenario where this might happen is during the certificate renewal & rollout process, where one or more servers will have the new cert with a longer expiry date than the other ones.

Let's take the example of a user accessing OWA internally and try to understand why affinity is not required in 2013. The way OWA connection works in 2013 is as follows.

  • The user connection is authenticated by any one of the 2013 CAS servers.
  • The CAS issues an authentication token (cookie) with session keys and other info and the cookie gets encrypted using the public key of the SAN cert on the CAS server.
  • The OWA client hands the cookie to the server with any new requests. In this case, it doesn't matter if the new request is handled by a different CAS server, as that server is capable of decrypting the cookie with it's private key, as all CAS servers have the same certificate.
  • As the authentication cookie is successfully decrypted irrespective of which CAS 2013 server it hits, the user or client is not challenged to authenticate again with an FBA page.
  • The 2013 CAS server does NOT do any data rendering, everything is done by the mailbox server that hosts the user's mailbox.
  • Hence, irrespective of the route the client takes (whichever CAS) and even if the same client opens multiple paths (via different CAS), they all end up on the same backend mailbox server which hosts the user mailbox.

This change in logic in Exchange 2013 ( to encrypt the cookie using a shared key across the CAS pool) enables it to avoid having layer 7 load balancing and session affinity. What if you already have invested in a layer 7 LB (maybe you have 2010 up & running)? Can you use that with 2013? You absolutely can and you should use L7 LB if you already have it, as they have much richer protocol specific health checks.

So, are there any drawbacks in using L4 load balancers? Yes, there is and it is around protocol specific health checks. As layer 4 load balancer only sees the IP and port to which the traffic is routed, it is impossible to differentiate the protocol the client is trying to get to – whether the user is accessing OWA or OAB or EAS or EWS etc, as they all use port 443.

A workaround to overcome this limitation will be to use one VIP per protocol and do health checks that way. In this case, you will have a number of different urls (one for OWA, another for EWS etc) hitting different VIPs and depending on the protocol the VIP is serving, an appropriate health check can be performed, say check whether /owa/auth/logon.aspx is assessable before routing the OWA traffic. This means that we will need all those different urls in the cert and more importantly, the LB should have corresponding number of VIPs to service each Exchange 2013 protocol.

Hope this clears the confusion. Have you already deployed Exchange 2013 load balancing? If so, please share your config with the community.

How to clear old unused distribution lists from Exchange 2010/2007 programatically

Source :   http://ivan.dretvic.com/2011/10/how-to-clear-old-unused-distribution-lists-from-exchange-2010-programatically/

 

We have used below CMDs to provide the DL Status report for IMG Client.

 

Get-DistributionGroup -ResultSize unlimited | Select-Object PrimarySMTPAddress | Sort-Object PrimarySMTPAddress | Export-CSV DL-ALL.csv –notype

 

 

Get-TransportServer | Get-MessageTrackingLog -EventId Expand -ResultSize Unlimited | Sort-Object RelatedRecipientAddress | Group-Object RelatedRecipientAddress | Sort-Object Name | Select-Object @{label="PrimarySmtpAddress";expression={$_.Name}}, Count | Export-CSV DL-Active.csv –notype

 

 

 

$file1 = Import-CSV -Path "DL-ALL.csv"

$file2 = Import-CSV -Path "DL-Active.csv"

Compare-Object $file1 $file2 -Property PrimarySmtpAddress -SyncWindow 500 | Sort-Object PrimarySmtpAddress | Select-Object -Property PrimarySmtpAddress | Export-Csv DL-Inactive.csv –NoType

 

 

 

1. Configuring Exchange MessageTrackingLogs settings

Here are the settings i used to configure my logging on my server, named EXCH1. I decided to increase my logging from 30 days to 90 days based on my own requirements – you may need to go longer.
Notes:

·         Note this is a server specific command and you need to do it to all your transport servers

·         My 300 seat environment used 500MB per month of logs.

·         Increasing the log will not remove the original logs

·         You will have to wait 2 months after setting

·         If you C:\ drive is short on space you can relocate the log path to a different local drive

The following command gets the logging information needed from server EXCH1

1

Get-TransportServer -Identity EXCH1 | fl *messagetracking*

2

MessageTrackingLogEnabled               : True

 

3

MessageTrackingLogMaxAge                : 30.00:00:00

4

MessageTrackingLogMaxDirectorySize      : 1000 MB (1,048,576,000 bytes)

 

5

MessageTrackingLogMaxFileSize           : 10 MB (10,485,760 bytes)

6

MessageTrackingLogPath                  : C:\Program Files\Microsoft\Exchange Server\V14\TransportRoles\Logs\MessageTracking

 

7

MessageTrackingLogSubjectLoggingEnabled : True

The following command sets the Log Directory size to 3GB

1

Set-TransportServer -Identity EXCH1 -MessageTrackingLogMaxDirectorySize 3000MB

The following command sets the Max Age of logs from 30 days to 90 days

1

Set-TransportServer -Identity EXCH1 -MessageTrackingLogMaxAge 90.00:00:00

The following command gets the updated logging information needed from server EXCH1

1

Get-TransportServer -Identity EXCH1 | fl *messagetracking*

2

MessageTrackingLogEnabled               : True

 

3

MessageTrackingLogMaxAge                : 90.00:00:00

4

MessageTrackingLogMaxDirectorySize      : 2.93 GB (3,145,728,000 bytes)

 

5

MessageTrackingLogMaxFileSize           : 10 MB (10,485,760 bytes)

6

MessageTrackingLogPath                  : C:\Program Files\Microsoft\Exchange Server\V14\TransportRoles\Logs\MessageTracking

 

7

MessageTrackingLogSubjectLoggingEnabled : True

2. Export list of ALL distribution lists

To export ALL DL's from your environment run the below command. This command will export the primary SMTP address from all DL's and sort them alphabetically, and put them in a CSV file.

1

Get-DistributionGroup | Select-Object PrimarySMTPAddress | Sort-Object PrimarySMTPAddress | Export-CSV DL-ALL.csv -notype

3. Export list of ALL active distribution lists based off Exchange Tracking Logs

To export all active DL's from your server we need to look into the transport logs. We first fetch all event logs relating to the expansion of DL's, then we sort them by RelatedRecipietAddress. Now that they are sorted we group them by RelatedRecipientAddress. From here we sort it alphabetically by the Name column, rename the Name column to PrimarySmtpAddress (so that it matches the column name of the DL-ALL.CSV file, then export the renamed Name column and the Count column to a CSV. Below is a command to do this:

1

Get-MessageTrackingLog -Server EXCH1 -EventId Expand -ResultSize Unlimited | Sort-Object RelatedRecipientAddress | Group-Object RelatedRecipientAddress | Sort-Object Name | Select-Object @{label="PrimarySmtpAddress";expression={$_.Name}}, Count | Export-CSV DL-Active.csv -notype

Note: The count column simply displays how many emails were found being sent to the DL. You can sort that to tell you the most popular/least popular ones in your environment.

4. Compare the results and output the inactive DL's

So initially I compared the output using Excel  and VLookups (Yuk – I know) and then I remembered we can do soo many things in PowerShell! Well here I import two CSV's that we generated previously, compare the two files and output the difference to a new file called DL-Inactive.csv.

1

$file1 = Import-CSV -Path "DL-ALL.csv"

2

$file2 = Import-CSV -Path "DL-Active.csv"

 

3

Compare-Object $file1 $file2 -Property PrimarySmtpAddress -SyncWindow 500 | Sort-Object PrimarySmtpAddress | Select-Object -Property PrimarySmtpAddress | Export-Csv DL-Inactive.csv -NoType

5. Hide all unused DL's from the Global Address List

So now you have a long list of distribution groups and you have confirmed with the business that all those DL's are no longer used. Now you simply run the following command and it will mark all those DL's as hidden. Immediately you have a sense of relief when this is done – you are truly on the path of cleaning up your Exchange environment!

The below scipt imports your now cleaned and checked DL-Inactive.csv file. From here we get each line, add a note saying it is now hidden (with a date) and hide it from the GAL using Set-DistributionGroup cmdlet.

1

$a = Get-Date

2

$notes = "$a - Hidden from address list due to inactive use."

 

3

$inactiveDL = Import-CSV -Path "DL-Inactive2.csv" | foreach-object

4

{

 

5

Set-Group -identity $_.PrimarySmtpAddress -notes $notes

6

Set-DistributionGroup -identity $_.PrimarySmtpAddress -HiddenFromAddressListsEnabled $true

 

7

}

6. Actually delete these Distribution Groups

So time has passed and there are no HelpDesk calls asking for some missing DL's. The cloud has settled and you are prepared to delete the DL's. Well before you go and delete anything you have to remember that these groups (if they are security groups) could be used elsewhere. So because of this, all we are going to do is disable the mail capabilities from that group, and then add a note in their notes field that this was done and when. I recommend using extreme caution!

Below is the code:

1

$a = Get-Date

2

$notes = "$a - No longer Mail Enabled due to inactive use."

 

3

$inactiveDL = Import-CSV -Path "DL-Inactive2.csv" | foreach-object

4

{

 

5

Set-Group -identity $_.PrimarySmtpAddress -notes $notes

6

Disable-DistributionGroup -identity $_.PrimarySmtpAddress -Confirm $false

 

7

}

There you have it. You are now left with a clean list of distribution lists that can be run periodically to determine if more cleaning is required. Your users will love it because all you are left with is up-to-date distribution lists that are current and up to date.
Last point – i have not converted this into one PS script yet, and do all the steps individually. When I do merge it all into the one, i will post it up here.