Five years of blogging and 1,000,000 hits!

ThankYou!First off, thanks to all who have visited and given feedback to the blogposts. I am stoked that my blog now has more than 1,000,000 hits. Since I started blogging in 2009 it has been the place where I post my notes from the field, collections of links and Thoughts on UC.

Some of the most popular blogposts of all time

  1. Installing Exchange 2010 Prerequisites on Server 2008 R2
  2. Enabling Lync Server 2010 for Lync Mobile Clients
  3. Installing Lync Server 2010 Prerequisites on Windows Server 2008 R2
  4. Configure Exchange 2010 InternalUrl PowerShell script
  5. Lync Server 2010 features and how to configure them
  6. Lync Server Mobility Troubleshooting Tips
  7. Lync Server 2010 Troubleshooting Tips
  8. Installing OCS 2007 R2 Prerequisites on Windows Server 2008 R2
  9. Script for Configuring Exchange 2010 Internal and External URLs
  10. Lync Server Front End: Lost connection to the Web Conferencing Edge Server
  11. Lync client sign-in and DNS records recommendations

Some of the most popular blogposts the year of 2014

  1. Installing Exchange 2010 Prerequisites on Server 2008 R2
  2. Lync client sign-in and DNS records recommendations
  3. Enabling Lync Server 2010 for Lync Mobile Clients
  4. Lync 2013 Downloads
  5. Configure Exchange 2010 InternalUrl PowerShell script
  6. Lync Server Mobility Troubleshooting Tips
  7. Troubleshooting Office Web Apps Server for Lync
  8. You see only a white screen when viewing Lync 2013 desktop sharing
  9. Installing Lync Server 2010 Prerequisites on Windows Server 2008 R2
  10. TEL, SIP, mailto, and Lync meeting links association

Where do the all time visitors come from

  1. Search engines
  2. TechNet Forums
  3. Twitter

Some thoughts on the activity

  • People are still installing Exchange on Server 2008 R2 :)
  • The old blogposts from 2010 are still relevant
  • Twitter is a relevant platform to reach out to my audience as it is number three all time source for visitors
  • The type of article that drives recurring hits are
    • the ones that solves a specific problem
    • troubleshooting guides
    • link repositories
    • articles explaining how stuff works
  • I also use this blog as a landing page for all my content, but articles like this one will not drive much recurring users, but helps me communicate my thoughts in a better format than the 140 characters on Twitter :)
  • I always try to remember to blog solutions I find to strange problems, typically the solution was tips from multiple sources and by collecting them and describing how I solved the problem is a good blogpost, and will help others having the same problem.


The amount of hits really motivates me to continue share my experiences as an IT-PRO with solutions to problems, but also highlighting not so mainstream knowledge like I do in my LyncPro Tips series and Thoughts on UC YouTube series. Thank you for your continued support :)


On December 23 2014 reached 1,000,000 views!

Change the default Calendar AccessRight on all mailboxes to Reviewer

Back in july 2010 I created a script to set the default AccessRight to Reviewer for Exchange 2010. This was a new feature for Exchange 2010 that we could use the command Set-MailboxFoldersPermission to change AccessRights on specific folders on the server level. As the calendar is a folder we now could do this organization wide using PowerShell.

The reason for creating this script is when migrating customers in Norway most of them want to allow everyone to use side by side calendaring in Outlook and Oulook Web App. In Exchange 2003/2007 we needed to instruct users how to set Default to Reviewer. This script sets it for all users. The script works for both Exchange Online and Exchange Server 2010. For Exchange 2007 check out this post on how to do it:

Get the script here:

What the script does

As the picture shows you get three menu items.

  1. Will set the permission on all users and resources
  2. Will set the permission on all users and reources created the last 30 days
  3. Will give a user you specify Editor access to a mailbox you specify
    • This is good for switchboard or secretary functions

How to run the script against an Exchange Online environment

  • Connect to Exchange Online through PowerShell Remoting
$cred = Get-Credential
$Session = New-PSSession -ConfigurationName Microsoft.Exchange -ConnectionUri -Credential $cred -Authentication Basic -AllowRedirection
Import-PSSession $Session
  • Set Execution Policy to unrestricted
Set-ExecutionPolicy Unrestricted
  • Run the script by copying the script, saving it as a ps1 file, navigate to it in PowerShell and start typing set-Cal and hit TAB to use TAB completion


Administering Microsoft Office 365 using Windows PowerShell:

Archiving in Exchange Server 2010 vs Symantec Enterprise Vault

When Exchange 2010 was released in RTM it introduced a new feature called Archive Mailbox. In RTM this Archive Mailbox had to be collocated in the same database as the main mailbox of the users. In Exchange Server 2010 SP1 the Archiving Mailbox feature was updated with the ability to have the Archive Mailbox located in a different database than the main mailbox.

When designing solutions for customers on Exchange Server 2010 I often get asked why they need archiving in the first place and is Exchange 2010 archiving good enough compared to Enterprise Information Archiving solutions such as Symantec Enterprise Vault. The answer is complicated, and it depends greatly on the customer needs and their users. To answer this you need to understand what Exchange archiving really is and how it differs from Enterprise Information Archiving. to answer this we look to Gartner.

Gartner has been publishing a Magic Quadrant for E-Mail Active Archiving since 2002 featuring products that does Enterprise level archiving of emails. They now see an increase in end-user demand of same type of archiving for additional content types such as files shares, Sharepoint and IM. That is the reason for Gartner in 2010 to release a new Magic Quadrant replacing the old. They now call it Enterprise Information Archiving. Vendors featured in this version need to be able to archive e-mail, file, Sharepoint and IM. Below is the latest Magic Quadrant for Enterprise Information Archiving (EIA):

We see in this quadrant that Symantec is a leader with its Enterprise Vault product. These are the key points for the reason of why EV is in the leader quadrant

  • It’s a mature product with the largest worldwide base of enterprise customers
  • It archives mail, Windows file systems, Sharepoint and IM
  • Virtual Vault enables users to manage and view their archive data using a familiar GUI experience
  • Tight integration with is backup products
  • Enterprise level E-Discovery
  • Support for Exchange 2010 SP1 and Microsoft BPOS

Microsoft Exchange Server 2010 is not part of the EIA Magic Quadrant. Gartner gives the following statement about why:

“Exchange 2010 archiving is a good choice for organizations that have never implemented archiving and are struggling with rapid, unmanageable growth of historical e-mail, or are looking for organizations that are looking to replace PST files with a more efficient and secure archiving capability. Because there is no support for files or other content types beyond e-mail, Microsoft’s archiving capabilities are not rated in this Magic Quadrant for EIA”

This is the essence of the Exchange Server 2010 archiving feature, it is an online PST archive with entry level archiving features. Knowing this, it boils down to the following questions:

  1. When is Exchange 2010 archiving good enough?
  2. When does the need for Enterprise Information Archiving like Symantec Enterprise Vault arise?

Koen Vermoesen has created a feature comparison between Exchange 2010 and Enterprise Vault in this article:

The feature Comparison between Exchange 2010 SP1 and Enterprise Vault 9.0 should be a good starting point to decide what solution to choose. I have updated it with some additional information. The conclusion in the feature comparison is noteworthy.


Microsoft Exchange
Server 2010

Symantec Enterprise
Vault 9.0

Archiving Targets

Exchange Server

Exchange Server

Lotus Domino

Sharepoint Server

File Servers


SP1 to store primary and secondary mailboxes in separate databases

Support for E2K10 from SP1 onwards

OWA or Outlook 2010/2007 to access the archives

Outlook 2003/2007/2010


Additional client software required


Seamless integration, both client and server-side; pst-like

Training required for both the Administrator and the end-user

Mailbox search and conversation view work across both mailboxes

Additional technology


“Stubs”, Archive Explorer look “different” to the end-user

Virtual Vault looks just like a pst and mailbox search work across mailbox and Virtual Vault


Offline Archive Support


Offline Vault


Exchange databases



Special options like WORM, lots of choice

PST Migration

Gathering of PST is manual. Need to be imported using Outlook or Powershell

PST files can be added both from local computers and NFS with limited user interaction using collector tools

Legal Position




Easy (?)

Hard (?)



In place upgrades not supported, need to do swing migrations

Cannot skip major versions. Full reinstall even for SP’s


Need to pay attention to compatibility both for client and server-side software


Enterprise CAL’s (Client Access Licenses) required

Additional software to license

Possibly additional server licenses

Additional hardware, can be virtualized with less than 1000 users, or low mailflow.



Separate SQL server in large deployments




Low end alternative for pst-files for the first time ever

If you want to archive…

… for seamless PST import

… for legal reasons

… multiple targets

… to specific storage solutions




Gartner Magic Quadrant EIA october 2010: 

Solved: OCS 2007 R2 integration with Exchange UM when mobile phone is primary number

I am proud to announce that we have solved a problem we had with Exchange UM integration with OCS 2007 R2 when the users mobile phone is the primary number.

Background information

In Norway and Scandinavia it is normal for end users to have a mobile phone as work and private phone. A lot of companies in Norway have adopted mobile phone number as their primary phone numbers and can only be reached using this types of numbers. Traditionally the operators have offered their customers net centric logic for their call handling and switchboards and using only mobile phones as terminals. Since the users use the same phone at work and privately they only have their mobile number and the numbers follow the users and not the company. When we started deploying OCS 2007 R2 for these companies they wanted the solution to be built with using mobile phone numbers as primary number when calling from Communicator. Operators in Norway such as Telenor and Netcom are therefore offering IP Trunks that can integrate with OCS 2007 R2. With these IP Trunks they can rewrite the callers number from a PSTN number to mobile phone number before the call reaches the PSTN network and by that realizing single number reach. And when the called party calls back to the mobile phone number the OCS PSTN number is called at the same time using Dual Forking provided by the operator. This is how single number reach is realized when mobile phone is the main number and it works great. The end user do not have a clue what their real number in OCS is.

The Problem

If you throw Exchange UM into this mix with single number reach and mobile phone as primary number you get an issue. The integration itself works fine and as expected. The problem occurs when the users log off their computers and go to meetings, drive home or are generally not logged in. What happens is that when you are not logged in to Communicator and someone calls you. OCS will answer the call after under a second, ignoring the users call forwarding settings in Communicator,  and forward it to Exchange UM resulting in users loosing the call on the mobile phone. Exchange UM therefore breaks the solution. This is by design and we have not been able to implement Exchange UM in the UC mix in these scenarios until now.

Why Exchange Unified Messaging in conjunction with OCS

So why are we so eager to implement Exchange UM in these scenarios? When using the operators own net centric voice mail features we loose some technology and integration. By default the users get an SMS telling them they have a new message, and they can call in and hear the message. A lot of users set up their voice mail settings so that it sends an email with a wav file of the message to their inbox. After listening to the wav file and archive it or delete it, they still get the sms with the unheard message and there is no integration with their inbox and that they have already possessed it. Resulting that the SMS can tell them they have several unheard messages and that not being true. That is why we want to have Exchange UM deployed to have a complete UC solution.

Exchange UM has a couple of advantages to name a few:

  • Integration with Exchange inbox, messages that are heard/read from Outlook, Outlook Web App or mobile phone through ActiveSync, are also read when calling the Exchange UM service
  • Call back functionality directly for outlook Web App, you can have Exchange UM call you and play the message on the phone of your choosing
  • Note field integrated in Outlook and Outlook Web App, gives you the ability take notes in outlook while listening to the message, save them and have them indexed
  • You can call Exchange UM and rearrange you calendar, a good thing when you are late for a meeting and in a car travelling
  • Read more about the Exchange UM server role here:

The solution

I have spent the most part of a year to find someone to help med with this. After some research I found out that it was possible to work around this using Front End Scripts and a program to put the call on hold for a given period of time. This summer I came in touch with a Scandinavian developer company called Competella. They develop application based on the UCMA (Unified Communications Managed API) and are currently developing an switchboard attendants that integrate call control with an advanced directory search tool, access to presence, calendar, e-mail and IM. The system adds attendant call control functionality to the Microsoft OCS beyond the level found in legacy PBXs. They developed a script and a program that checks the status of the user. If the user is offline it will put the call on hold for 20 seconds before forwarding it to the Exchange UM and by that solving the problem we have with single number reach using mobile phones and Exchange UM. This also works if the user has the status “in a mobile call” set by third party programs that get free/busy status from the operators on the users mobile phones.


By using the script and program from Competella we are now able to complete our UC deployments with Exchange UM when mobile phone is the primary number in a single number reach scenario. With this we can realise enterprise voice mail for mobile phones as well as OCS/Lync.

How to check SRV records for OCS and Exchange

A critical part of an OCS deployment is SRV records for automatic sign in. It is critical that these are present and configured correct. An easy way to check them is using nslookup. Below are how to check SRV records and what SRV records need to be present.

  1. Open cmd
  2. Type: nslookup
  3. Type: set type=all
  4. Type the SRV record to list its content

For OCS 2007 R2

  • External
      • Usually points to Access EDGE FQDN on port 443
      • Usually points to Access EDGE FQDN on port 5061
  • Internal
      • Usually points to Pool name with correct sip domain on port 5061

For Exchange 2007/2010

  • External autodiscover
      • Usually points to owa FQDN listener with NTLM negotiate on port 443

Error Opening EMC in Exchange 2010

[tweetmeme source=”stalehansen” only_single=false]This post is a note to self to remember this the next time I encounter a similar problem. Article first published:

Problem: Receiving following error on Exchange 2010 server after opening EMC and expending Mailbox tab under organization configuration. An error caused a change in the current set of domain controllers. It was running command ‘Get-FederationTrust”


Possible causes:

To be honest first thing I checked was to make sure Exchange server is able to talk to all domain controllers as its configured on its TCP/IP properties.Also as always check to see anything catches your attention under application logs. Fair enough I was able to locate the event log “2080” MsExchangeADAccess” was showing me one DC only, however the TCP/IP stack was configured to talk to secondary DC.


Make sure Exchange is able to talk to all DC’s within its “Site”. Above example the second DC was not even discovered by MSExchange AD access, due to replication problems existed among the DC’s in the  site where exchange is residing. After fixing the relocation issues and restarting MSExchangeADTopology service took care of the error.


Some other people who had same error assumed to fix this issue by deleting the local profile ( corrupted profile) for the user account they logged into Exchange server. So if the above solution does not work, try this:

This error is actually a false error, and is caused by GUI caching, more specifically MMC caching. This occurs when a DC (domain controller) that is either unreachable or has changed in some way is still cached by the MMC applet. To fix this issue by removing the cache and basically resetting the MMC applet do this:

 Delete this file: “c:\users\<specific user>\appdata\roaming\microsoft\mmc\Exchange Management Console


New Features in Exchange 2010 SP1 and How to Configure Them

[tweetmeme source=”stalehansen” only_single=false]Lately I have seen a lot of good articles about what the new and improved features of Exchange 2010 SP1 are and also a lot about how to configure these features. This post is written while Exchange 2010 SP1 is still in Beta so the information provided may be a little off from the released version later this year. I wanted to collect the posts I find interesting here so I have them all in one place when I will deploy SP1 to my customers.

Here is the main new features in Exchange 2010 SP1 and how to configure them

 Some minor changes in how to configure some features

You can find a longer list of new features here:
TechEd 2010 Interviews with folks from the Exchange Product group about SP1:

Exchange 2010 RTM and SP1 OWA Integration With OCS 2007 R2

[tweetmeme source=”stalehansen” only_single=false]I recently integrated Exchange 2010 RTM OWA with OCS 2007 R2 for chat and presence. Having read some blog posts about how to implement the feature I decided to blog how I got this feature working based on these blogs and my own findings. I will cover the steps for both the Exchange 2010 RTM and SP1 versions since the steps are different.


  1. Download and install OCS 2007 R2 Web Trust Tool on the Exchange 2010 server
    2. Locate and install the following files in elevated mode by running cmd.exe as administrator
      • vc_redistx64
      • UCMAredist.msi
      • CWAOWASSP.msi
  2. If the Exchange 2010 server is running on Server 2008 R2 you also need to install the latest cumulative hotfix update for OCS 2007 R2 on the Exchange server
    2. Download and run ServerUpdateInstaller.exe
    3. Also download the latest update for UCMAredist that is not included in CU5
    4. Reboot the server

Configuring Exchange 2010 RTM

NOTE: The below steps need to be done on all Exchange 2010 CAS servers in you deployment

  1. Download and run the PowerShell Script found in the below link
    2. The script will not configure anything
    3. It takes backup of web.conf and  generates the configuration you manually need to add the web.conf file
    4. The script makes it easy to generate the correct syntax for populating the below keys 
  2. Navigate to the web.conf file
    1. C:\Program Files\Microsoft\Exchange Server\V14\ClientAccess\Owa\web.conf
    2. Edit the file and search for the string IMPoolName
    3. Replace the three “add key” strings with the ones provided with the script
  3. In Exchange Management Shell run the following command to configure OWA Virtual Directory
    • Get-OwaVirtualDirectory -Server "CasServer" | Set-OwaVirtualDirectory -InstantMessagingType 1
      • NOTE: The RTM documentation states OCS, but that don’t work. Use 1 as InstantMessagingType
  4. Run IISreset in PowerShell

Configuring Exchange 2010 SP1

The Exchange 2010 SP1 guide is based on this great post written by Martin Sundström: The configuration on Exchange is now moved from web.conf to the per server OWA Virtual Directory. I will definitely create a script automating the below process when I get more hands on :)

NOTE: The below steps need to be done on all Exchange 2010 CAS servers in you deployment 

  1. Get the active Exchange 2010 certificate using this command in Exchange Management Shell 
    • Get-ExchangeCertificate | Where-Object {$_.Services -match "IIS"} | Get-ExchangeCertificate | fl thumbprint,subject
      • This command gets the active certificate on the local server, because only one certificate can have IIS as service at a time
  2. Use the thumbprint and OCS pool FQDN in the command below
    • Get-OwaVirtualDirectory -Server "CasServer" | Set-OwaVirtualDirectory -InstantMessagingCertificateThumbprint 4DC1EE3506E06E971FF82AC8DD60015EAC11B21E -InstantMessagingServerName ocspool01.domain.local -InstantMessagingType OCS -InstantMessagingEnabled $true
      • NOTE: This time we use OCS as InstantMessagingType
  3. Run iisreset

Configuring OCS 2007 R2

In order to allow the Exchange 2010 server to communicate with OCS using SIP containing presence and chat you need to add every Exchange 2010 CAS servers as authorized hosts on OCS.

  1. On your OCS R2 Pool server configure authorized host
    • NOTE: Your user needs to be member of the RTCUniversalServerAdmins group
  2. Open Office Communications Server R2 under Administrative Tool
  3. Expand forest and Enterprise pool or Standard Edition Servers depending on you deployment
  4. Right click your pool and choose properties->Front End Properties
  5. On the Hosts Authorization tab
  6. You need to add the Client Access server FQDN and configure as the below image 
    • NOTE: This is the FQDN of your subject name (CN) on the certificate used on the CAS server


Troubleshooting the Installation (RTM)

Next are a few troubleshooting steps that can assist with some of the more common problems encountered with Exchange/OCS integration. I found these valid troubleshooting steps on Rand Morimoto’s post:

Configuring the Firewall on the CAS Server

If the Client Access Server has the Windows Firewall enabled, it might need an exception to enable OCS 2007 R2 to communicate with it. To create the exception, perform the following steps:

  1. From the Control Panel, open Windows Firewall 
  2. On the left side of the Windows Firewall window, click .“Allow a Program Through Windows Firewall.
  3. Click Add Program; then click Browse.
  4. Browse to C:\Windows\System32\inetsrv and select w3wp.exe.
  5. Click Open and then click OK twice to apply changes and close the window. Be sure to perform this step on all CAS servers with IM integration enabled.

User Configuration

  • Before the user community can utilize the IM features, they must be “provisioned” for Office Communications Server R2 and must be enabled for Enhance Presence. When the user is initially enabled on OCS 2007 R2, he will automatically be enabled for Enhanced Presence.
  • Users must also have a valid SIP proxy address for the OWA IM integration component to enable the IM Integration UI.
  • When attempting to view the Instant Messaging contact list, a user might receive a notification that states
    • Instant Messaging Isn’t Available Right Now. The Contact List Will Appear When the Service Becomes Available.
  • If this occurs, perform the following steps:
    1. Using the same user account, confirm that you can access the IM services using the Office Communicator 2007 R2 client.
    2. If functional, confirm that the OCS Server name is properly entered in the Web.Config file of the CAS server.
    3. Also confirm the configuration of the Authorized Hosts option on the OCS pool contains all IM Integrated Client Access Servers.

OWA Certificate Error

If OWA cannot locate the certificate, an error stating The Local Certificate Specified Was Not Found in the Store for the Local Computer appears.

In this case, confirm that the value of the OCSCertificateIssuer and OCSCertificateSerialNumber fields in the Web.Config file are correct. Also ensure that there are blank spaces between every two characters in the serial number to separate octets in the string.


Chris and Robin’s Technology blog:
Martin Sundström:
Rand Morimoto:

Script for Configuring Exchange 2010 Internal and External URLs

[tweetmeme source=”stalehansen” only_single=false]In Exchange 2010 you need to set the Internal URLs for various services on the Client Access Server. Outlook 2007/2010 uses Autodiscover to connect to the Exchange server. If the Internal URLs are configured wrong you could get certificate errors when logging on to Outlook as well as errors when using free busy and oof services internally. Also when deploying Outlook Anywhere you need to configure the External URLs correct for the same services to work.

This script may come in handy in the following scenarios:

  • Initial configuration, avoid typos
  • Expansion in the infrastructure with load balanced CAS
  • Change in internal FQDN if you change certificate name
  • When you have a total disaster on site 1 and need to fail over to a second site with a passive DAG server that holds all server roles

Please keep in mind:

  • The Script is developed for Exchange 2003 coexistence and migration scenarios
  • The script must not be run in an Exchange 2007 coexistence and migration scenario
  • For InternalURL the script will look for a CASArray (It is recommended to create a CASArray in any scenario)
  • The script assumes there is only one ADsite

About the script:

  • First you will be presented with som choices on what to do
  • InternalURL will autoconfigure based on CASArray
  • ExternalURL will prompt for public FQDN and assume one external address
    • Will use same FQDN for OWA, ActiveSync, Autodiscover and so on
  • Will prompt for Exchange 2003 URL
  • All configuration will output the changes made


Update 27.05.2010:

  • Added support for Exchange 2007 and Exchange 2007/2010 coexistence scenarios.
  • The script will check for Exchange version before applying any settings.
  • When applying Exchange 2010 Internal URL the script will match the CAS servers to the correct CASarray in the correct ADsite


Update 28.05.2010

  • Added option for checking current configuration
  • Corrected some errors on the Exchange 2007 configuration and listing of URLs
  • Tested in Exchange 2007 only deployments and Exchange 2010 and 2007 coexistence deployments

 The Script can be viewed and downloaded here:

My TechNet Live Exchange 2010 Screencasts are Now Online at TechNet Edge

[tweetmeme source=”stalehansen” only_single=false]This year I got the honour to be the speaker at the Exchange track on TechNet Live in Norway. TechNet Live is hold in the four largest cities in Norway every year and this year it was about 1800 attendees for all the cities. Below are the Screencast from my sessions in Bergen. The presentations are in norwegian.

Session 1: Exchange 2010 Installation and Migration. Talks about:

  • Some new features in Exchange 2010
  • How to prepare before an installation
  • How to Migrate to Exchange 2010
  • How Client Access coexistence works
  • Gotchas during the first Exchange 2010 migrations
  • Download PDF

Session 2: Exchange 2010 Performance and Scalability. Talks about:

  • Memory and Processor requirements
  • Virtualization
  • Planning for Scalability
  • Some new High Availability features
  • Walks through some new HA scenarios for Exchange 2010
  • Download PDF