Lync Communicator 2010/2013 not updating or showing AD pictures

Have you noticed that pictures from people in your company are not displaying on your Lync even though they show up on others?

No Pic Lync


To get the pictures back, exit Lync and navigate to C:\Users\username\AppData\Local\Microsoft\Communicator\
*Note that AppData is hidden, so you can either type the path in manually or choose to show hidden folders in Explorer.

In the Communicator folder you will see  I would suggest renaming the folder to a .old.  Once you rename it open Lync back up and it should now repopulate all the pictures from AD.

Lync Pic

Once you verify that this works you can then delete the old sip folder.



Converting VHD / VHDX to VHD / VHDX

So you want to create a Hyper-V on your Windows 8 computer to use for Server 2008/R2?  I hope that reading this post can save you some time and frustration when you try to move the fresh image that took you a while to make only to find out it won’t work in Server 2008.

With the new features in Windows 8 and Server 2012 Hyper-V now has a new extension of VHDX which is not backward compatible with older systems.

If you found this out too late, there is no need to re-create your image, as it can be converted from Server 2012 or Windows 8.  This conversion also supports VHD to VHDX; just follow the same steps and choose VHDX instead.

Open up your Hyper-V manager in Windows 8

On the right side under “Actions” select “Edit Disk”

Convert vhd vhdx to vhd vhdx 1


Click Next when the edit virtual hard disk wizard comes up

Click on Browse to locate your VHDX disk you wish to convert

Convert vhd vhdx to vhd vhdx 2


Once located and selected click on Next

You will now be prompted with 3 options

  • Compact
  • Convert
  • Expand

Select Convert

Convert vhd vhdx to vhd vhdx 3


Now choose which version you want to convert to. In our case, since we already have a VHDX, we want VHD so it can be used for 2008/R2.

Convert vhd vhdx to vhd vhdx 4


If you accidentally selected Dynamic instead of Fixed when you initially created the virtual machine, here is one way to change that.  If you want to keep it the same, in this case Dynamically available, just click Next.

Convert vhd vhdx to vhd vhdx 5


Last thing is where you want to save the new file

Convert vhd vhdx to vhd vhdx 6


Now confirm your settings and click on Finish

Convert vhd vhdx to vhd vhdx 7

To mount this VHD just go through the New Virtual machine and when you get to the point to connect virtual hard disk just select “Use an existing virtual hard disk”.

Why so many complaints about Windows 8

I have been using Windows 8 for roughly 9 months and would admit at first was a little frustrated especially trying to figure out where the hell the shutdown button was.  Sure the Start orb is missing but is it really.  Think about it..When you’re in an older version of Windows do you not click the lower left corner to open up the Start menu?  So what’s the difference in Windows 8 you do the same thing but instead its larger icons and to make things easier you can just start typing and easily search.  So why are so many people complaining about this change?  I hear people complaining about how Windows 8 sucks but when you ask many of those people what they dislike or if they have used it the response is typically “NO” I haven’t used it but have heard about it.  Come on people if you don’t give it a try then stop being followers.

So what are some of the good things about it?  Well for starters the boot up and shut down time are quicker than any other previous Windows OS.  Programs that worked in Windows 7 work in 8. Finally they got rid of virtual server that only could handle x32 and now have integrated Hyper-V which does mostly everything Windows Server 2012 Hyper-V can and I no longer have to purchase VMWare workstation for this.  Of course there are a few things I don’t like such as the missing safe mode which Microsoft now relies on the OS to boot into safe mode when it detects a problem or you have to tell the OS prior to restart that you want to go into advanced startup.  One minor issue which is easily remedied is the missing gadgets.  And no Microsoft the tiles you say should be used instead are crap and don’t equate to the gadgets.  Another issue I have is that administrators cannot load the management tools for Exchange 2010 nor administer Hyper-V 2008 servers.  What the hell are you thinking Microsoft?  I now have to rely on 3rd party tools to administer my 2008 Hyper-V environment or be forced to purchase SCCM.

Not for anything but people should be complaining about not being able to hit F8 to get into safe mode or not being able to load management tools needed for the common network admin not so much the Start menu or not being able to boot into the desktop.

TMG Windows Update Fails with Result Code 80072EE2

After migrating an environment from ISA 2006 Enterprise to TMG 2010 Standalone I encountered an issue when trying to run Windows updates.  I was receiving error 80072EE2 “Windows could not search for new updates” as seen below

TMG Update error 1


I did notice that the Malware and Network Inspection Systems kept up-to-date.

TMG Inspection 2

In order to resolve this issue, open up a command prompt in elevated mode and type in:
netsh winhttp set proxy localhost:8080



That was it after that I was then able to run updates.

Install Lync and Exchange IM Integration with Multiple Exchange Servers on One Exchange Server

Lync and Exchange IM Integration with Multiple Exchange Servers

This article covers the Instant Messaging (IM) integration configuration between Lync Server 2010 and Exchange Server 2010 SP2.  I  have 2 Exchange Servers one in the US and the other in EMEA and only wanted to implement in the US.  I could not find a tutorial on how to only publish to one site so I hope this can help.


  1. Install the prerequisite software and associated hotfixes on the Exchange server.
  2. Enable various instant messaging settings on the Exchange Client Access service.
  3. Define a new Trusted Application Pool and configure the Trusted Application in Lync Server.


1.  Install Prerequisite Software (MUST BE INSTALLED IN THE ORDER BELOW)

The first component to install is the Microsoft Office Communications Server 2007 R2 Web Service Provider which contains the necessary components to add basic IM and presence features into Outlook Web App.

  • Download and install the CWAOWASSPMain.msi installation package on the Exchange Server where the Client Access Server role is running (e.g.  Select the default installation location as this package will only unpack the installation files and then drop them in the directory shown, it does not perform any component installation.

Lync Exchange Integration 1

  • Browse to the newly created directory (e.g. “c:\web service provider installer package”) and run the vcredist_x64.exe package to install Visual C++ 2008.  This component may already be installed if the UM integration was previously configured on this Exchange Server.

Next is the Unified Communications Managed API 2.0 Hotfix (KB 2400399) which installs the latest updates for the UC Managed API.  Although this component is included in the unpacked Web Service Provider install directory a newer version needs to be used.


  • Download and install the UcmaRedist.msp patch on the Exchange Server.  Using the Programs and Features control panel verify the installed version is at least 3.5.6907.215.  This component may also already be installed if UM integration is already configured.

Lync Exchange Integration 2

Now the Web Service Provider components can be installed.


  • Browse to the newly created directory (e.g. “c:\web service provider installer package”) and execute the CWAOWASSP.msi package on the Exchange Server.  The installation is nearly silent and only a brief status window will appear.  Since no confirmation window appears, validate the installation by using the Programs and Features control panel to verify that the installed version is at least 3.5.6907.57.  (Make sure not to mistake it for the Installer Package, which also appears in the list with the same version; there should be two similar lines.)


Lync Exchange Integration 3

The next component needed is the OCS 2007 R2 Web Service Provider Hotfix (KB 981256), which updates the Web Service Provider with the latest hotfixes. Take note that although the file name of this patch appears identical to the original installation file extracted in an earlier step, the patch is not all-inclusive (notice .msi versus .msp).

  • Download and install the CWAOWASSP.msp patch on the Exchange Server.  The version number should now be incremented to 3.5.6907.202.
Lync Exchange Integration 4

2. Configure Exchange Server

The Client Access Server configuration is performed using the Exchange Management Shell with a set of PowerShell cmdlets used to identify the current certificate and then populate the various InstantMessaging parameters.

The initial step is to identify the certificate currently assigned to the IIS service in Exchange and record the thumbprint value.

  • Display a list of installed certificates and their enabled services by using the following cmdlet.  Copy the Thumbprint value for the certificate enabled for the Internal CAS service.

Get-ExchangeCertificate|fl Services,Thumbprint

Lync Exchange Integration 5

  • You may need to open up the MMC console and look at the computer certificate.

Lync Exchange Integration 6-1

  • To make sure that only a single OWA Virtual Directory is currently configured on the Exchange Server (which is the default) execute the Get-OwaVirtualDirectory cmdlet and verify that the only returned result is owa (Default Web site).


Lync Exchange Integration 6

This is where I could not find a solution on having 2 different Exchange Servers and applying only to 1

Set-OwaVirtualDirectory -Identity "EXCHANGESERVER\owa (Default Web Site)" -InstantMessagingType OCS -InstantMessagingEnabled:$true -InstantMessagingCertificateThumbprint <CAS server thumbprint> -InstantMessagingServerName <Lync Server FQDN>

Perform an iisreset on the Exchange Server where the changes were applied to force an update of the IIS metabase and service.  If this is a live environment then the /noforce option should be added to prevent dropping any active client connections.

Lync Exchange Integration 7
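
The single-server configuration above as one Exchange Management Shell script, which also lists every OWA virtual directory afterwards so you can confirm the second Exchange server was left untouched. This is an added example, not part of the original post; EXCHANGESERVER and lyncpool.example.com are placeholder names.

```powershell
# Added example. Run in the Exchange Management Shell.
# Both names below are placeholders; replace them with your own.
$targetServer = 'EXCHANGESERVER'          # the one CAS server that gets IM integration
$lyncPoolFqdn = 'lyncpool.example.com'    # assumed FQDN of the Lync Server or pool

# 1. Find the certificate enabled for IIS on the target server only.
$cert = Get-ExchangeCertificate -Server $targetServer |
    Where-Object { "$($_.Services)" -match 'IIS' } |
    Sort-Object NotAfter -Descending |
    Select-Object -First 1

if (-not $cert) {
    throw "No certificate enabled for IIS was found on $targetServer."
}
if ($cert.NotAfter -lt (Get-Date)) {
    throw "The IIS certificate on $targetServer expired on $($cert.NotAfter)."
}
Write-Host "Using certificate $($cert.Thumbprint) (expires $($cert.NotAfter))"

# 2. Configure IM on that server's OWA virtual directory and nowhere else.
#    -Identity names the server explicitly, so nothing is piped in.
Set-OwaVirtualDirectory -Identity "$targetServer\owa (Default Web Site)" `
    -InstantMessagingType OCS `
    -InstantMessagingEnabled:$true `
    -InstantMessagingCertificateThumbprint $cert.Thumbprint `
    -InstantMessagingServerName $lyncPoolFqdn

# 3. List the IM settings of every OWA virtual directory in the organization.
#    Only the target server should show InstantMessagingEnabled = True.
Get-OwaVirtualDirectory |
    Format-Table Server, Name, InstantMessagingEnabled, InstantMessagingType,
                 InstantMessagingServerName -AutoSize
```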

3. Configure Lync Server

Now we need to configure the Lync 2010 server.  Use the Lync Server Topology Builder to add a new Trusted Application Pool, as follows:
  • Open the existing topology.
  • Expand your Lync Server 2010 > your sitename.
  • Right-click Trusted application servers and select New Trusted Application Pool.
  • Enter your CAS server or CAS array’s FQDN in the Pool FQDN field, select Single Computer Pool and click Next.  If you’re using a hardware load balancer with separate VIPs for OWA and MAPI connections, use the FQDN for the OWA (HTTPS) connections.
  • Select the Front End Pool for the Trusted Application Pool.
  • Click Finish.
  • Right-click the new Trusted Application Server and select Edit Properties.
  • Clear the check box for Enable replication of configuration data to this pool and click OK.

    Lync Exchange Integration 8

Publish the new topology.

The next step in the configuration is to use the New-CsTrustedApplication cmdlet to define a trusted application and associate it to the new trusted application pool.

Before configuring the trusted application an open listening port on the Lync Server must be selected.  Any unused port can be selected and in this example 5059 was chosen in an effort to keep it mathematically close to the other Lync Server related ports.  If no output is shown in the command then that indicates the port is not currently used as a source listening port, nor are any connections established to foreign hosts using that as a destination port either.

Enter the following command on the Lync Server to search for any current usage of the desired TCP port.

netstat -a | findstr 5058

  • Use the following New-CsTrustedApplication cmdlet to create the trusted application and associate it with the new trusted application pool.  (The ApplicationID value can be any desired string as long as it is unique to the trusted application pool.)

New-CsTrustedApplication -ApplicationId ExchangeOWA -TrustedApplicationPoolFqdn <CAS server or CAS array FQDN> -Port 5058

After running this is what you should see 

WARNING: The following changes must be made in order for the operation to be complete.

Enable-CsTopology must still be run for all changes to take effect.
Identity               :
ComputerGruus              :                             com;gruu;opaque=srvr:exchangeowa:zluL1yQ-Cw0mk-mSgAA}
ServiceGruu                :;gruu;opaque=srvr                            :exchangeowa:zluL1xka0mk-mSgAA
Protocol                   : Mtls
ApplicationId              : urn:application:exchangeowa
TrustedApplicationPoolFqdn :
Port                       : 5058
LegacyApplicationName      : exchangeowa

As instructed by the previous command issue the Enable-CsTopology cmdlet to apply the latest configuration changes.  The -v switch (for verbose) can be used to display the command progress as well as the location of the output log file.

Enable-CsTopology -v

VERBOSE: Creating new log file

VERBOSE: Activate new or updated services in the topology.
VERBOSE: No changes were made to the Central Management Store.
VERBOSE: Creating new log file
VERBOSE: “Enable-CsTopology” processing has completed successfully.
VERBOSE: Detailed results can be found at

4. Verify Integration

At this point the integration should be fully functional and can be verified by logging into Outlook Web App with a Lync-enabled and mailbox-enabled user account.

Disable 32-bit Java updates on 64-bit Windows with Group Policy

In my current environment users don’t have admin access so when they get the annoying prompt for Java updates that occur 2-3 times a week we get lots of emails about them needing it updated.

As much as I would like to eliminate the install base of Java, it’s somewhat of a necessary evil because lots of applications still rely on it.  Because of this most domain PCs may have it installed, and by default Java will prompt the user that an update is available and ultimately fail if the user does not have admin rights.  This update will also fail if the user has a domain user account but has local admin rights to elevate themselves.  So how do you get around this you ask?  You could install SCCM 2012 and deploy the updates using the 3rd party configuration.

Java ready

If you are going to use this, please be aware that it’s not intended for you to just hide the update notifications and ignore the updates.  We all know how many vulnerabilities Java has and how important it is to update it.

Open up your GPO editor and you will need to create a new GPO.  Name it accordingly then:

Click on Computer Configuration > Preferences > Windows Settings > Right click on Registry > Choose New > Registry Item

Reg Key Final

These are the settings you will need to complete.  I would use a Windows 64 bit computer with 32 bit version of java and admin tools to access GPO editor installed to make this easier:

Action:  Update


Key Path:  SOFTWARE\Wow6432Node\JavaSoft\Java Update\Policy

Value name:  EnableJavaUpdate

Value type:  REG_DWORD

Value data:  00000000


Again, if you have a Windows 64 bit computer with the 32 bit version of Java and the admin tools to access GPO, you can browse the key path on your local PC to make sure it’s accurate.

Once completed your new key should look like this:

Reg Key Final

Now you can apply it to some test PC’s and perform a gpupdate to test.  If all is good deploy to the masses.
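
To check a test PC after gpupdate, the following script reads the value the GPO sets and lists the 32-bit Java versions installed, so machines with notifications turned off can still be tracked for patching. This is an added example, not part of the original post; the DisplayName pattern used to recognise Java entries is an assumption.

```powershell
# Added example. Run on a 64-bit Windows client after the GPO has applied.
$policyKey = 'HKLM:\SOFTWARE\Wow6432Node\JavaSoft\Java Update\Policy'
$valueName = 'EnableJavaUpdate'

function Get-JavaUpdatePolicyState {
    # Returns NotSet, Disabled (value is 0) or Enabled (any other value).
    $item = Get-ItemProperty -Path $policyKey -Name $valueName -ErrorAction SilentlyContinue
    if ($null -eq $item) { return 'NotSet' }
    if ($item.$valueName -eq 0) { return 'Disabled' }
    return 'Enabled'
}

function Get-InstalledJava32 {
    # 32-bit programs register their uninstall entries under Wow6432Node.
    $uninstall = 'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\*'
    Get-ItemProperty -Path $uninstall -ErrorAction SilentlyContinue |
        # Assumed naming: "Java 7 Update 45", "Java(TM) 6 Update 31", ...
        Where-Object { $_.DisplayName -match '^Java(\(TM\))? \d' } |
        Select-Object DisplayName, DisplayVersion
}

$state = Get-JavaUpdatePolicyState
$java  = @(Get-InstalledJava32)

# One row per computer: is the updater off, and which Java builds are present?
$report = New-Object PSObject -Property @{
    Computer             = $env:COMPUTERNAME
    UpdatePolicy         = $state
    JavaInstalls         = ($java | ForEach-Object { "$($_.DisplayName) [$($_.DisplayVersion)]" }) -join '; '
    # True means the built-in updater is off, so patches must come from
    # software deployment (for example SCCM).
    NeedsManagedPatching = ($state -eq 'Disabled' -and $java.Count -gt 0)
}
$report | Select-Object Computer, UpdatePolicy, NeedsManagedPatching, JavaInstalls
```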

Unblocking ISATAP in DNS

By default, DNS servers running Windows Server 2008 R2 or Windows Server 2008 use the global query block list to block the resolution of the name ISATAP. To allow name resolution for the ISATAP name, you must remove ISATAP from the global query block list of the DNS Server service for each DNS server on your intranet running Windows Server 2008 R2 or Windows Server 2008.

To complete these procedures, you must be a member of the local Administrators group on the DNS server, or otherwise be delegated permissions to modify registry values on the DNS server.

  1. Click Start, type regedit.exe, and then press ENTER.
  2. In the console tree, open Computer\HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\DNS\Parameters.
  3. In the contents pane, double-click the GlobalQueryBlockList value.
  4. In the Edit Multi-String dialog box, remove the name ISATAP from the list, and then click OK.
  5. Start a command prompt as an administrator.
  6. In the Command Prompt window, run the following commands:
    net stop dns
    net start dns
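
The same change scripted in PowerShell, removing only ISATAP and leaving the other default entry (wpad) in place. This is an added example, not part of the original procedure; the backup file location is an assumption.

```powershell
# Added example. Run in an elevated PowerShell session on the DNS server.
$key  = 'HKLM:\SYSTEM\CurrentControlSet\Services\DNS\Parameters'
$name = 'GlobalQueryBlockList'

function Remove-IsatapFromBlockList {
    # Read the current multi-string value; the default list is wpad and isatap.
    $current = @((Get-ItemProperty -Path $key -Name $name -ErrorAction Stop).$name)

    if ($current -notcontains 'isatap') {          # comparison is case-insensitive
        Write-Host "isatap is not on the list ($($current -join ', ')); nothing to change."
        return $false
    }

    $updated = @($current | Where-Object { $_ -and $_ -ne 'isatap' })
    if ($updated.Count -eq 0) {
        # Nothing would remain, which means wpad was already missing. Review by hand.
        Write-Warning 'Removing isatap would leave the list empty (wpad is not blocked). No change made.'
        return $false
    }

    # Keep a copy of the old value so the change can be rolled back.
    # Assumed location: the current user's TEMP folder.
    $backup = Join-Path $env:TEMP ('GlobalQueryBlockList-{0:yyyyMMdd-HHmmss}.txt' -f (Get-Date))
    $current | Set-Content -Path $backup

    Set-ItemProperty -Path $key -Name $name -Value ([string[]]$updated)
    Write-Host "Old list saved to $backup"
    Write-Host "New list: $($updated -join ', ')"
    return $true
}

if (Remove-IsatapFromBlockList) {
    # Same effect as "net stop dns" followed by "net start dns".
    Restart-Service -Name DNS

    # Confirm that wpad is still blocked after the edit.
    $after = @((Get-ItemProperty -Path $key -Name $name).$name)
    if ($after -notcontains 'wpad') {
        Write-Warning 'wpad is not on the block list; this server will resolve the name WPAD.'
    }
}
```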

CRM 2011 some users are unable to run reports. CRM 2011 Error message received: Reporting error: The report cannot be displayed (rsprocessingaborted)

Problem – After an upgrade to CRM 2011 from CRM 4.0 some users are unable to run Reports.  Error message received:

Reporting error: The report cannot be displayed (rsprocessingaborted)

Root Cause – Caused by missing security permissions in CRM

Go to Settings, System then Administration and last security roles:

CRM Settings


Now click on the Security Role you are having the issues with and in this example I will use Marketing Manager:
CRM Roles

You will find the permission under the Customizations tab, for the “Entity” Entity and “Field” entity you will need to apply Read permissions to the security role.
CRM Roles Managing

After changing those permissions the users should now be able to run the reports.

Allow End Users Remote Desktop access to Domain Controller on Server 2008 R2

In organizations that I have worked in there have been several occasions where I have had to add Terminal Server Licenses to a Domain Controller.  This has only been done in a dev environment because it is not recommended by Microsoft.  There may be circumstances where you would want to do this in a production environment but use this at your own discretion.

  1. Log on to the Domain Controller as Domain Admin
  2. Open Server Manager. To open Server Manager, click Start, point to Administrative Tools, and then click Server Manager.
  3. Under Roles Summary, click Add Roles
  4. On the Before You Begin page of the Add Roles Wizard, click Next.
  5. On the Select Server Roles page, select the Remote Desktop Services check box, and then click Next.
  6. On the Introduction to Remote Desktop Services page, click Next.
  7. On the Select Role Services page, select the Remote Desktop Session Host check box, and then click Next.
  8. After clicking on next you will now get a pop up warning

  9. Now click on Install Remote Desktop Session Host anyway (not recommended)
  10. On the Uninstall and Reinstall Applications for Compatibility page, click Next.
  11. On the Specify Authentication Method for Remote Desktop Session Host page, you will need to decide whether you want to support older remote desktop clients. My recommendation is to click Require Network Level Authentication, and then click Next.
  12. On the Specify Licensing Mode page, select Configure later, and then click Next.
  13. On the Select User Groups Allowed Access To This Remote Desktop Session Host Server page, click Next. In my environment, for ease of access and because this was a dev environment, I chose domain users.  I would highly recommend creating a group in AD and then adding it here (ex…Allow Remote Desktop)
  14. On the Configure Client Experience page, click Next.
  15. On the Confirm Installation Selections page, verify that the RD Session Host role service will be installed, and then click Install.
  16. On the Installation Results page, you are prompted to restart the server to finish the installation process. Click Close, and then click Yes to restart the server.
    After the server restarts and you log on to the Server, the remaining steps of the installation finish. When the Installation Results page appears, confirm that installation of the RD Session Host role service succeeded, and then click Close to close the RD Session Host configuration window. Also, close Server Manager.

    Here is the screen after the reboot

    The RD Session Host role service is now installed. For users to be able to connect to this server, you must add the user accounts to the local Remote Desktop Users group on the DC.

  17.  Log on to the server and navigate to AD Users and Computers and add either a group of users you want to have access to Remote Desktop (Best way to do it) or you can just add the individual user.
  18.  Now if you want to allow more people to gain access and have Terminal Server licenses install the feature and add your licenses.  If you don’t know how to do this add a comment and I can add a how to.
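
To confirm the choices made in steps 11, 13 and 17, the following script reports whether Network Level Authentication is required on the RDP listener and who is in the Remote Desktop Users group, flagging broad groups such as Domain Users. This is an added example, not part of the original post; it assumes the ActiveDirectory PowerShell module is available on the Domain Controller.

```powershell
# Added example. Run in an elevated PowerShell session on the Domain Controller.
Import-Module ActiveDirectory

function Test-NlaRequired {
    # UserAuthenticationRequired = 1 means Network Level Authentication is enforced.
    $rdp = Get-WmiObject -Namespace 'root\cimv2\TerminalServices' `
                         -Class Win32_TSGeneralSetting `
                         -Filter "TerminalName='RDP-Tcp'"
    return ($rdp.UserAuthenticationRequired -eq 1)
}

function Get-RdpGroupFindings {
    # Groups that give nearly every account RDP access. The two SIDs are the
    # well-known SIDs for Everyone (S-1-1-0) and Authenticated Users (S-1-5-11),
    # which can appear by SID when added as foreign security principals.
    $broad = 'Domain Users', 'Authenticated Users', 'Everyone', 'S-1-1-0', 'S-1-5-11'

    # Direct members only, so a nested group shows up as a group.
    Get-ADGroupMember -Identity 'Remote Desktop Users' | ForEach-Object {
        New-Object PSObject -Property @{
            Member   = $_.Name
            Type     = $_.objectClass
            TooBroad = ($broad -contains $_.Name)
        }
    }
}

if (Test-NlaRequired) {
    Write-Host 'NLA: required'
} else {
    Write-Warning 'NLA is not required on RDP-Tcp; older clients can connect without it.'
}

$members = @(Get-RdpGroupFindings)
$members | Select-Object Member, Type, TooBroad | Format-Table -AutoSize

if ($members | Where-Object { $_.TooBroad }) {
    Write-Warning 'Remote Desktop Users contains a broad group; use a dedicated AD group instead.'
}
```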

Activation error on Windows 8 Code 0x8007232b DNS name does not exist

If you’re having issues trying to activate your Windows 8 client and keep getting a DNS name does not exist, I have your solution.  The likely problem is that you are using an MSDN, Technet or EA copy of Windows 8 and it’s trying to find the KMS server but you’re using a MAK key.  Follow these steps and you will be golden:

  1. Right click in the lower left hand corner in Windows 8
  2. Select Run the command prompt as an administrator
  3. Enter slmgr -ipk xxxxx-xxxxx-xxxxx-xxxxx-xxxxx
    1. This will enter your key
  4. Enter slmgr -ato
    1. This will now activate your key
  5. After about 10 seconds you will get a pop up saying Installed product key
Note that the xxxx is your MAK key.