Recently, I tried to deployed the latest cumulative update release for Exchange 2013 as well as implement hybrid configuration with my Office 365 which was finally fully upgraded – I say fully upgraded because even after receiving the notification of my tenant has been upgraded to latest version there was still a component running on older version, I mean FOPE.
After raising a service request to Office 365 support and fight a lot, I finally get FOPE upgraded; but this is not the point of this post.
Just after that I wanted to implement hybrid configuration between my Exchange 2013 On Premises and my Office 365 tenant. Off course I had prepare everything to get smooth implementation (I mean a public certificate for my on premises).
Unfortunately, when I tried to implement this hybrid configuration I quickly ran to a strange issue: hybrid configuration wizard quickly failed after starting the implementation with the following error Property Enabled can't be set on this object because it requires the object to have version 0.10 (22.214.171.124) or later. The object's current version is 0.0 (6.5.6500.0).
The wizard did not complete successfully. Please see the list below for error details.
Updating hybrid configuration failed with error 'Subtask Configure execution failed: Configure Organization Relationship Execution of the Set-FederatedOrganizationIdentifier cmdlet has thrown an exception. This may indicate invalid parameters in your hybrid configuration settings. Property Enabled can't be set on this object because it requires the object to have version 0.10 (126.96.36.199) or later. The object's current version is 0.0 (6.5.6500.0). at Microsoft.Exchange.Management.Hybrid.RemotePowershellSession.RunCommand(String cmdlet, SessionParameters parameters, Boolean ignoreNotFoundErrors) '. Additional troubleshooting information is available in the Update-HybridConfiguration log file on server
At the same time, the Exchange Product Group released the latest cumulative update – CU 3 – which also failed to install with the same error.
Strangely, CU 2 has been installed successfully.
Luckily, I had my service request to Office 365 support was still open and they were able to assist me by involving the Exchange support.
Microsoft Exchange support engineer asked me to check the value of the msExchVersion attribute for the Federation container
In my case, this attribute had no value. So, I have been asked to enter the following value 44220983382016.
After setting the value, I have been able to complete the hybrid configuration as well as the installation of the CU 3.
Following the earlier announcement, Microsoft has started to upgrade existing Office 365 E plan to allow them to get Enterprise Yammer.
You have to start the Yammer upgrade from your Office 365 Portal.
Log on to your Office 365 administration portal with an administrator account; if your tenant is ready for the upgrade, you should see a new section below Service Overview called Included Services
Click on this link and then you will be able to click on the Yammer Enterprise Activation link – Yes, activate Yammer Enterprise for my network
Then you will be asked which domain has to be used for SSO – you can associated new domain from there too
NOTE If you don’t have any associated Internet domain, you will be asked for associate one
The activation process is in progress; it may take some time to complete
Starting then, Yammer is now displayed in the Dashboard
Once the provisioning is finished, Yammer is now appearing in the Admin menu, and the Included service link disappears from the Dashboard
You can now manage your Yammer Enterprise…
First thing, there is no need to associate a Yammer license to a user account as shown below
So, if you hit the Yammer link from the admin menu, you will be redirected to the Yammer portal using your Internet email address
By default, the Yammer administrator is set to the user account which starts the Yammer upgrade
With the Yammer administrative rights, you will be able to manage your Yammer network
The first thing is to add (maybe) additional administrator; to do so, just hit the Admins menu on the left side
Just enter the additional administrator name; the system will automatically propose name(s)
After selecting the user name, check the Make this user an admin option
Once the user added as administrator, click on the Grant verified admin button which appears on the right side of the added user
You can later decide to revoke or remove this user as administrator, so just go to the same Admins menu and click one of the button Revoke Verified Admin (temporarily revoke administrator rights) or Remove (definitively remove the user from the admin list – you will be able to re add him again if you want)
Hitting the Configuration link on the left side allows you to manage your network – change the name, enable/disable features
Changing the network name doesn’t change the URL neither the email address @yammer.com associated with
The design link allows you to change the style sheet used for your network as well as adding your company logo
To ensure all your user is automatically added to your Yammer network – allowing to disable the Yammer registration process, just go to the Directory Integration menu below the Users section on the left. This requires before the Yammer directory synchronization tool to be installed and configured – see http://blog.hametbenoit.info/Lists/Posts/Post.aspx?ID=570
If you have SharePoint 2013 installed as part of an Enterprise Agreement, you now have access to Yammer as part of this license. However, you might have already started using a public Yammer network before it was part of that license. If so, how do you make sure all of the users in your on-premises Active Directory are also in your Yammer network?
Good news, you can use Active Directory synchronization to match the users from your on-premises Active Directory with those in Yammer.
BE CAREFUL this is NOT the same directory synchronization tool used with Office 365.
You can install Yammer Directory Synchronization tool on the same server than the one running Office 365 Directory Synchronization; as there is no support details, I can not say if this is supported or not to run both on the same server. Only thing it is like for Office 365 Dirsync, ie do not install on domain controller or any server running business critical application
Yammer Directory Synchronization tool download: http://success.yammer.com/wp-content/uploads/2013/07/Yammer.DirSync_v3-0-3-6.zip
Launch the setup program and follow the wizard
Then it starts the configuration wizard
Enter the email address and password associated with the account which will perform directory synchronization – this account MUST BE a verified administrator of your Yammer network. This requires you have a Yammer Enterprise subscription – as this is part of Office 365, you just have to enable it if you are eligible – see http://blog.hametbenoit.info/Lists/Posts/Post.aspx?ID=571
Once the tool has been installed, just logon using your Yammer administrative account
Once the tool has been installed, just logon using your Yammer administrative account
Then define the domain controller to use for the synchronization – once it has been done, you can add additional directory server by hitting the Add New button just below the server list
Once the directory server list has been filled as expected, just click on the Validate button on the left side and start the validation
Once the validation process is finished, it will display few information regarding number of user created/disabled since last synchronization – this is a little bit weird because this is the first install
Then just hit the Sync option from the left menu to start the synchronization; you will be asked to define a mail server to use for sending directory synchronization results as well as the recipient(s) before starting the synchronization
This is it, the synchronization tool is now synching your internal directory with Yammer
IMPORTANT you must logon first on Yammer with this account and then activate the Yammer account thanks to the activation link sent
Update – November 29th add the spam notification
With the update of Office 365, Exchange Online has been updated to Exchange 2013 (as you already know) but also ForeFront Online Protection for Exchange (FOPE) as well.
In this post, here are some key points after the upgrade of FOPE – especially to manage quarantined mails.
This is important as no more quarantine notification will be sent – apparently as I had few mails marked as spam but was not notified
Accessing the quarantine is done through the Exchange Administration Center (EAC) using the Exchange option below the Admin menu on the top right
Then just click on the Protection section on the left menu
If you don’t get the next screenshot, this means your FOPE tenant is not yet upgraded and you have to continue to use the “old" version thanks to the link provided.
Once you get the Protection section, just click on the quarantine menu to get all mail marked as spam and put in quarantine – default retention is defined to 15 days
Then you can
Select the message you want to release and hit the envelope icon
You will get the 2 release options; at least during the first time, I would recommend to report all false positive spam to avoid to get to many wrong spam
Just follow the wizard to release the mail; it very simple as there is almost nothing to do except confirm the release and/or the report as false positive
If you just release the message (without reporting), you can choose to release to all original recipients or to specific recipients – NOTE this is not available if you report as false positive, all original recipients will get the message
On a next post, I will cover the updated mail flow.
The content filter is used to configure the spam policy.
By hitting the Content Filter link, you will get all the associated domains and your Office 365 domain – ie your tenant
This list has been automatically filled based on the previous configuration from your old FOPE tenant.
If you want to start a new configuration, just hit the new button, you will be able to configure all the options described later.
You can define different policy for each domain; just select the domain to be updated and click the Edit button
Then go to the Actions section from the left menu to define action when a potential spam is detected
Using the International Spam section allows you to define specific countries, regions or languages to block and mark as spam. I would recommend to implement sort of testing with this section before as ALL message which match the countries, regions or languages defined will NOT be delivered to the recipients, so you may loose some real message
The last option is used to configure Advanced options to increase the spam score for emails with specific content or value. Once again with this option I would recommend testing before setting up in production
Finally you can define to which users, groups or domains the policy applied
Still while within the content filter section, select the rule and hit the Configure end-user spam notifications... link shown on the right side
You will be able to define the delay before sending the notification and the language to use; by default this is not enabled
If you are Office 365 administrator and have a Windows Phone 8, this is for you
Microsoft has released a Windows Phone 8 app to follow up the Office 365 health state – this is a good starting point but would be nice to have more administration options, such as reset password, create user…. Hoping this will come with a later update
With Windows 2012 R2 and Windows 8.1, Microsoft starts to simplify the BYOD – Bring Your Own Device.
Indeed, on Windows 8.1 (this is not available with Windows 8, so upgrade for free your Windows 8 device ), a new feature called Join Workspace allow end-users to connect and use corporate resources without being obliged to join the domain.
To be able to use this feature, the following is required:
Once ADFS has been installed and configured, you must enable the feature called Device Registration.
To do so, open a Windows PowerShell window (run as administrator) and execute the following commands
If you don’t configure this binding, you will have an error stating that the workplace is not working: Confirm you are using the correct sign-in info, and that your workplace uses this feature. Also, the connection to your workplace might not be working right now. Please wait and try again.
My Windows 8.1 device is not member of the Active Directory domain
You should also see the following event in the Event viewer of the ADFS server, below the Application and Services Logs\Device Registration Service\DRS/Admin tree
Log Name: DRS/Admin Source: Device Registration Service Date: 11/18/2013 4:37:58 PM Event ID: 149 Task Category: None Level: Information Keywords: Device Enrollment User: FsGmsa$ Computer: <ADFS Server> Description: Successfully enrolled device for user <user logon>.
Microsoft is providing a new online troubleshooting tool for Office 365 services. This one has to be used for Lync Online sign-in issues.
This online troubleshooting tool is based on experience learned by Office 365 support team over the last 9 months.
The first step is to go to http://aka.ms/LyncSignIn and follow the troubleshooting wizard
Select who is having sign-in issues – user specific, group or everyone within your organisation
Depending of your selection, next actions/options vary
If actions/options proposed don’t help, additional steps will then be proposed (such as try to logon from another device, run WindowsUpdate or check system time configuration…)
Enjoy with this new troubleshooting tool which may help to quickly understand what is happening and so restoring the service to your users
I know this is a very small thing but it will change a little bit our day to day mailbox management
With the November 2013 updates for Office 2013, a new option is now available from ANY folders within a mailbox hosted on Exchange. Yes, this is only available for Exchange mailbox as the feature in question is the recover deleted items.
Before the November 2013 update, to recover a deleted items, you had to go to the Folder tab and click on Recover Deleted Items.
With the update, this option is NOW available from any folders on your mailbox
UPDATE - November 23rd - a new version has been released. The version is 1.0.6567.0018
UPDATE - November 12th - this version and reference associated has been removed. Many issues have been introduced, such as filtering not applied or corruption in display name (not everyone has been impacted anyway)
Recently – in fact yesterday, November 4th, Microsoft has released a new version of the Directory Synchronization tool which now can be installed on domain controller.
You can download it from http://go.microsoft.com/fwlink/?LinkID=278924
Procedure for installation on domain controller is here http://social.technet.microsoft.com/wiki/contents/articles/17370.best-practices-for-deploying-and-managing-the-windows-azure-active-directory-sync-tool.aspx#A11
For those who wants/had already deployed Windows Server 2012 R2 to host the Office 365 Directory Synchronization tool, you can do it.
DirSync is fully functional on Windows Server 2012 R2 even if it’s not yet documented.
Don’t forget ensure to use the latest version of DirSync available from http://go.microsoft.com/fwlink/?LinkID=278924