Category: News

Server 2012 – TerminalServices Event ID 20499

Remote Desktop Services has taken too long to load the user configuration from server – Event ID 20499

I use mRemote to log onto my servers and noticed I repeatedly recieved the following error when logging on:

Please note that I’m actually not experiencing slow log on in any shape or form, I’m just bothered by the warning in my eventviewer.

Remote Desktop Services has taken too long to load the user configuration from server <SERVER> for user <USERNAME>

Here for your issue providing some workaround, might this helpful.

Add a new DWORD (32-bit) Value in registry, name it as “DisableTaskOffload” and set value data to 1 on below mention path.

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters

Set DWORD

Result:

Also you can try “Get-NetOffloadGlobalSetting “command, which includes Receive Side Scaling, Receive Segment Coalescing, task offload, and NetworkDirect.

Apart from that refer “Troubleshooting Slow Logons” article.

Source:

http://social.technet.microsoft.com/Forums/windowsserver/en-US/0dd2c0db-4eab-4e66-801d-76aeca59367a/remote-desktop-services-has-taken-too-long-to-load-the-user-configuration-from-server-event-id-20499?forum=winserverTS


Exchange 2013 – Multi Tenancy setup (Part 1)

Note: Please note that this page is still a “draft”. I just published it due to public demand.

The Draft part is just a lack of expansive explanations and descriptions, but I hope you find it usefull.

In this Post

Here we start preparing our Exchange 2013 server environment to work as a Multi Tenancy setup, meaning we can have multiple firms or Groups of persons with their own Address Lists etc.

During this series, we will setup our environment to accomodate a new Tenant named Tenant0001 with with the mail-domain domain.new, create an Address Book Policy and enable Address Book Policies routing agent (Is not described in this Part1) on our Exchange 2013 server.

The Tenants and users will be filtered by using the CustomAttribute1 and using Address Book Policies.

In this post we will keep it simple and just use one CustomAttribute and one Address Book Policy pr tenant. It is possible to use multiple Custom Attributes and use AND when configuring policies. You can also use multioke Policies to generate different views of the entire organization. Say one for Development, one for research and so on, and one for accounting that encompass all of them.

How, why and what is an Address Book Policy?

At default there is 1 Global Address List (GAL) which contains ALL mailusers (and most mail objects) in your organization.

You can make seperate “Groups” of people by using the Address Book Policies.
Each policy will as a bare minimum need 1 GAL, 1 Address Book, 1 Rooms list and 1 OAB.
We are going to filter these by using Custom attribute(s). You can also filter by OU and other paramenters, and a combinations of these.

If you create a new policy and assign it to 10 people. These people can only see the people in the Gal defined by the policy.

All other people in the organization can see the above mentioned 10 people due to the default GAL.

Best option is not to hide the 10 people, but to create a new policy for the rest instead.
Or more likely: several policies.

You can make nested address books as normal.

Contents on this page:

  1. Create AD STructure and UPN Suffix
  2. Setting up Exchange server for new Tenant
    • Add a new domain for the new Tenant
    • Global Address List (GAL) for Tenant0001
    • All Rooms Address List
    • All Users Address List
    • All Contacts Address List
    • All Groups Address List
    • Offline Address Book
  3. Email Address Policy
  4. Address Book Policy
  5. Ressource management by creating a Room Mailbox
  6. Creating a new user for our Tenant0001

1) Creating AD structure and UPN suffix.

We need a container to hold all of our data, created at the root of Active Directory

On your A/D server, via PowerShell:

New-ADOrganizationalUnit -Name Customers

First, create an Organization Unit (OU) to hold the tenant data, I am using the word Tenant with a 5 digit sequence number in my examples. Specifically I am going to use Tenant00001
!Note: In the example you will need to replace domain.dmz with your mailserver/local domain.

On your A/D server, via PowerShell:

New-ADOrganizationalUnit -Name Tenant00001 -Path "OU=Customers,DC=domain,DC=dmz"

Now we need to User Principal Name (UPN) suffixes for later. In this example our customers domain is domain.new

Set-ADForest -Identity domain.dmz -UPNSuffixes @{add="domain.new"}

If you are working remote against the Exchange server then you need to create a connection to EMS as the rest of the configuration is now with Exchange directly instead of A/D.

2) Setting up Exchange server for new Tenant.

Add a new domain for the new tenant.

New-AcceptedDomain -Name "Tenant00001" -DomainName domain.new -DomainType:Authoritative

Global Address List (GAL) for Tenant00001

New-GlobalAddressList -Name "Tenant00001 – GAL" -ConditionalCustomAttribute1 "Tenant00001" -IncludedRecipients MailboxUsers -RecipientContainer "domain.dmz/Customers/Tenant00001"

All Rooms Address List

New-AddressList -Name "Tenant00001 – All Rooms" -RecipientFilter "(CustomAttribute1 -eq 'Tenant00001') -and (RecipientDisplayType -eq 'ConferenceRoomMailbox')" -RecipientContainer "domain.dmz/Customers/Tenant00001"

All Users Address List

New-AddressList -Name "Tenant00001 – All Users" -RecipientFilter "(CustomAttribute1 -eq 'Tenant00001') -and (ObjectClass -eq 'User')" -RecipientContainer "domain.dmz/Customers/Tenant00001"

All Contacts Address List

New-AddressList -Name "Tenant00001 – All Contacts" -RecipientFilter "(CustomAttribute1 -eq 'Tenant00001') -and (ObjectClass -eq 'Contact')" -RecipientContainer "domain.dmz/Customers/Tenant00001"

All Groups Address List

New-AddressList -Name "Tenant00001 – All Groups" -RecipientFilter "(CustomAttribute1 -eq 'Tenant00001') -and (ObjectClass -eq 'Group')" -RecipientContainer "domain.dmz/Customers/Tenant00001"

Offline Address Book

New-OfflineAddressBook -Name "Tenant00001" -AddressLists "Tenant00001 – GAL"

3) Email Address Policy

You’ll also need to create an Email Address Policy. This example also includes first.last@domain email aliasing, or you can set the primary email address to first.last@domain by using the -EnabledPrimarySMTPAddressTemplate “SMTP:%g.%s@domain.new” attribute and data.
Note: strictly speaking, you don’t need to create an email address policy.

New-EmailAddressPolicy -Name "Tenant00001 – EAP" -RecipientContainer "domain.dmz/Customers/Tenant00001" -IncludedRecipients "AllRecipients" -ConditionalCustomAttribute1 "Tenant00001" -EnabledEmailAddressTemplates "SMTP:%g.%s@domain.new","smtp:%m@domain.new" -EnabledPrimarySMTPAddressTemplate "SMTP:%g.%s@domain.new"
Set-EmailAddressPolicy -Identity "Tenant00002 - EAP" -EnabledPrimarySMTPAddressTemplate "SMTP:%g.%s@domain.new"

4) Address Book Policy

The Address Book Policy is what ties everything together. Here we create a policy cointaining all the different Address Lists and Books we created in Step 2. This Address Book Policy can then be assigned to individual users.

New-AddressBookPolicy -Name "Tenant00001" -AddressLists "Tenant00001 – All Users", "Tenant00001 – All Contacts", "Tenant00001 – All Groups" -GlobalAddressList "Tenant00001 – GAL" -OfflineAddressBook "Tenant00001" -RoomList "Tenant00001 – All Rooms"

5) Ressource management by creating a Room Mailbox.

This step is not needed, but you might need it for your setup.

Here we create a new Room Mailbox for ressources. Note how the Adress Book Policy is assigned to the new mailbox using the -AddressBookPolicy parameter.

New-Mailbox -Name 'Tenant00001 Conference Room 1' -Alias 'Tenant00001_conf1' -OrganizationalUnit 'domain.new/Customers/Tenant00001' -UserPrincipalName 'confroom1@domain.new' -SamAccountName 'Tenant00001_conf1' -FirstName 'Conference' -LastName 'Room 1' -AddressBookPolicy 'Tenant00001' -Room

It is vital that we set a Custom Attribute for the mailbox, or it will not be included by the Address Book Policy we just created.

Set-Mailbox Tenant00001_conf1 -CustomAttribute1 'Tenant00001'

Here we set up how requests for our ressources are processed.

Set-CalendarProcessing -Identity Tenant00001_conf1 -AutomateProcessing AutoAccept -DeleteComments $true -AddOrganizerToSubject $true -AllowConflicts $false

6) Creating a new user for our Tenant0001

In creating the new User with a mailbox, we specify location location in AD and assign the Address Book Policy we created.

The password is entered using the popup that shows using the first line $c = Get-Credential

For the ‘username’ field you can type anything you want as it is the password attribute we want for the mailbox being created.

$c = Get-Credential
New-Mailbox -Name 'Morten Nielsen' -Alias 'tenant00001_morten' -OrganizationalUnit 'domain.dmz/Customers/Tenant00001' -UserPrincipalName 'morten@domain.new' -SamAccountName 'tenant00001_morten' -FirstName 'Morten' -LastName 'Nielsen' -Password $c.password -ResetPasswordOnNextLogon $false -AddressBookPolicy 'Tenant00001'

As with a room mailbox we need to also set a custom attribute to the tenant. This step cannot be performened in the same step as when you create the mailbox.

Set-Mailbox morten@domain.new -CustomAttribute1 "Tenant00001"

Generate and start using an SSL Certificate for MailCleaner Web interfaces

Making this post as a reminder for other people. I actually have an existing certificate on my Mailcleaner, but it happens to have just expired, so I need to create a new one. Instead of just creating a certificate internally in Mailcleaner, I am going to use www.startssl.com to generate a valid 3rd party free certificate. Certificates are free, as long as you do not need to create wild-card certificates.

Contents:

  1. Generating the Private Key, RSA Key and Certificate Request (CSR)
    1. Generate the Prviate Key and RSA Key
    2. Generate the Certificate Request (CSR)
  2. Submit CSR and recieve SSL .crt file
  3. Enter information into Mailcleaner
    1. Encoded SSL Certificate
    2. Encoded SSL Private Key
  4. Restart Mailcleaner services
1) Generating the Private Key, RSA Key and Certificate Request (CSR)

First I log into my mailcleaner using an SSH client like putty or xshell.

1.1) Generate the Private Key and RSA Key

When standing in root@mailcleaner:~# type the following line, and enter passwords as needed to create the Private Key file.

openssl genrsa -des3 -out 2014key-mailcleaner.key 2048

We have now generated a Private Key in a file named 2014key-mailcleaner.key

Now we need to create the matching RSA key.

Enter the following line and enter the password from above:

openssl rsa -in 2014key-mailcleaner.key -out 2014-mailcleaner.key

We now have created an RSA key file named 2014-mailcleaner.key

1.2) Generate the Certificate Request (CSR)

Now we generate the Certificate Request (CSR) which we submit to Startssl.com.
Specifically we use the RSA Key file 2014-mailcleaner.key to generate the CSR request file 2014-mailcleaner.csr

openssl req -new -key 2014-mailcleaner.key -out 2014-mailcleaner.csr

Here you will be asked for a number of inputs, where you have to pay special attention to Common Name. For some reason it is listed as YOUR name, but this is wrong!

Instead the Common Name = FQDN of your web server, ie: mailedge.mailcleaner.com

2) Submit CSR and recieve SSL .crt file

Now we open our CSR request file 2014-mailcleaner.csr using nano like so:

nano 2014-mailcleaner.csr

Copy/paste the contents of the file to a new file on your local computer for backup purposes.

It is important you use Notepad on your computer and get the entire contents of the file from and including —–BEGIN CERTIFICATE REQUEST—– to and including —–END CERTIFICATE REQUEST—–

Paste the same CSR contents into the 3rd party certificate request form and follow through the guide.

At the end of 3rd party guide you should get the matching SSL certificate, Copy the contents and save it to a local SSL Cert file named 2014-mailcleaner-sslcert.crt

3) Enter information into Mailcleaner

Log into MailCleaner’s web interface (as an admin) and navigate to Configuration–>Services–>Web Interfaces.  Enable SSL (HTTPS)

3.1) In the first box, Encoded SSL Certificate
Paste the new certificate that was issued to you by the CA.
Use Notepad to open the certificate file named 2014-mailcleaner-sslcert.crt, copy and paste it exactly as it was. Do not put in any trailing or leading spaces.

3.2) In the second box, Encoded SSL Private Key
Go back to your MailCleaner SSH connection.
Open the RSA Key file 2014-mailcleaner.key we created using:

nano 2014-mailcleaner.key
4) Restart Mailcleaner services.

Now, to finish it up, you need to go to Monitoring -> Status, click Advanced and restart the necessary services like Web Access. Also restart the Firewall although it might not be listed as in need of a restart.