Trojan downloader Chepvil on the UPSwing – Microsoft Malware protection center

A new spam campaign using UPS (United Parcel Service) as a social-engineering draw was initiated this week.

The spammed message contains an attachment, detected as TrojanDownloader:Win32/Chepvil.I.

The spam campaign actually started around March 16th 2011. The threat was originally detected as Backdoor:Win32/Hostil.gen!A (was Backdoor:Win32/Hostil.F).

More specific signatures (TrojanDownloader:Win32/Chepvil.I and TrojanDownloader:Win32/Chepvil.J) were added on March 22nd 2011.

Encyclopedia entry – Microsoft Security Portal. Updated: Mar 26, 2011 | Published: Mar 25, 2011.

Exchange 2010 – Attachment size – Global setting (for Send & Receive)

Attachment size setting inside Exchange server 2010 for global user settings.

  • Go to your mailbox server
  • Open EMC
  • Go to Organization Configuration
  • Go to Hub Transport
  • Select the Global Settings tab

Edit the Transport settings and change the parameters as below.

Once you are done, click Apply and OK.

Remember one thing: the more you increase the attachment size, the more the load on the CAS & Edge servers increases, and on the virus scanning engine too.

That’s all folks!!!

Exchange server 2010 CAS array to MAPI load balance – Detailed

Most of you must have experienced the “Outlook connection lost….” scenario even with Exchange Server 2010 (with Edge, 2 clustered H&C and 2 DAG-configured MB) and Outlook 2010 in place. When you perform maintenance on one of the H&C servers and a client is connected to that H&C, its communication with the MB is lost. The reason is that cluster load balancing on the H&C cluster handler is not in place, even if the cluster name is published in the DNS server.

In Exchange 2007, 5 server roles performed distinct functions within the Exchange organization. One role in particular – the Client Access server role – introduced a variety of new Web services, including the Availability service, the Autodiscover service and Calendar Concierge services.

In Exchange 2010, the same 5 server roles exist. However, there are some significant architectural changes and some shift in responsibilities. The most significant change in Exchange 2010 is that two new services on CAS, called the RPC Client Access and Address Book services, establish the RPC (Remote Procedure Call) endpoint for MAPI (Messaging Application Programming Interface), NSPI (Name Service Provider Interface) and RFR (Request for Response) client access. This new functionality replaces the RPC endpoints in the Information Store. The RPC endpoint in the Information Store has not been removed in Exchange 2010, but it has been modified to only accept requests from CAS servers. The RPC endpoint for public folder database access remains on the Mailbox server; however, Outlook clients now communicate directly with the RPC Client Access service on the Mailbox Server for public folder database access, and not with the Information Store.

When CAS starts communicating with the Mailbox server, it makes sense to view it as the Client Access server communicating with the Mailbox database via the Mailbox server that hosts the database. This is especially evident in a load-balanced array of Client Access servers and/or where your environment is configured to use Database Availability Groups that are associated with a Client Access server or Client Access server array.

  • In a non-load balanced environment, the mailbox database is associated with only a single Client Access server.
  • In a load-balanced environment, the Mailbox database is associated with the load balanced array of multiple Client Access servers.

By default, before a Client Access array is configured,

  • all databases are associated with a Client Access server in the environment
  • the Outlook clients communicate directly with the Client Access server until the association with the database is updated to be the Client Access array.

In order for the clients to utilize a CAS array

  1. Create a Client Access array with an FQDN (Fully Qualified Domain Name).
  2. Load balance your CAS servers in a CAS array by whatever method you choose – both hardware LB and Windows Network LB are supported load balancers
  3. Add the Client Access servers within the AD site to a load balanced array and in DNS associate the unique FQDN to the Virtual IP of the load-balanced array.
  4. Configure your load balancing array to load balance the MAPI RPC ports – TCP 135, UDP/TCP 6005-65535; or set static ports
  5. Configure the databases to utilize the CAS array… Use the new-clientaccessarray cmdlet to create the CAS array object. Eg: New-ClientAccessArray –Name “Tromso CAS Array” –Fqdn” –Site “SITEA”

How to Setup!!!..

Go to one of the CAS servers where the NLB is.

[1] Check whether there are any pre-created CAS arrays. PS command: Get-ClientAccessArray

[2] Create new Client Access Array. Run the Cmdlet in EMS New-ClientAccessArray -Fqdn -Site “Redmond” -Name “”

[3] Associate databases with this CAS Array –

Use this CMDLet to add mailbox database to CAS array. Add all mailbox databases at once – Get-MailboxDatabase | Set-MailboxDatabase -RPCClientAccessServer “”
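
Steps [1] to [3] as one Exchange Management Shell script, shown as an added example that is not from the original post. The array name, the FQDN `outlook.example.com` and the site `SITEA` are assumed placeholder values.

```powershell
# Added example for the Exchange 2010 Management Shell. All three values are assumptions.
$ArrayName = 'CAS Array SITEA'       # hypothetical display name
$ArrayFqdn = 'outlook.example.com'   # placeholder; DNS must map it to the load balancer VIP
$AdSite    = 'SITEA'                 # AD site that contains the CAS servers

# [1] Only one CAS array can exist per AD site, so look before creating.
$array = Get-ClientAccessArray -Site $AdSite
if ($array) {
    Write-Host "Site $AdSite already has array '$($array.Name)' ($($array.Fqdn))"
} else {
    # [2] Create the array object in Active Directory.
    $array = New-ClientAccessArray -Name $ArrayName -Fqdn $ArrayFqdn -Site $AdSite
}

# The array object does no load balancing itself: confirm the FQDN resolves
# before any database is pointed at it.
try {
    $ips = [System.Net.Dns]::GetHostAddresses($array.Fqdn)
    Write-Host "$($array.Fqdn) resolves to $($ips -join ', ')"
} catch {
    Write-Warning "$($array.Fqdn) does not resolve; fix DNS before repointing databases."
    return
}

# [3] Repoint only the databases that still reference an individual CAS server.
Get-MailboxDatabase |
    Where-Object { "$($_.RpcClientAccessServer)" -ne $array.Fqdn } |
    ForEach-Object {
        Set-MailboxDatabase -Identity $_.Name -RpcClientAccessServer $array.Fqdn
    }

# Verify: every database should now list the array FQDN.
Get-MailboxDatabase | Format-Table Name, RpcClientAccessServer -AutoSize
```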

Now the best part –

Configuring Outlook 2010 using Autodiscover

If you have already configured the Outlook client, close Outlook, then go to Control Panel->Mail and change the server name to the new CAS NLB name.

If you are going to use a new Outlook configuration, Autodiscover will return the new CAS NLB name.

That’s all folks!!! Enjoy!!!

Cloud power – Microsoft

Microsoft provides the most comprehensive approach to cloud computing, so that you can harness the full power of the cloud on your terms. Whether in your datacenter, with a service provider, or from Microsoft’s datacenters – and whether in a private cloud, public cloud, or software as a service environment – Microsoft provides the flexibility and control to consume IT as a Service whichever way best meets your unique business needs.

Free Trial Introductory Special: Includes 750 hours of an Extra Small compute instance, 25 hours of a small compute instance, 1GB Web Edition database and more. Usage in excess of the base amount is charged at normal rates. Valid through June 30th, 2011.
Microsoft Hyper-V Cloud

To help you deploy commercial private and public clouds based on Windows Server 2008 R2 Hyper-V, System Center, and related products, Microsoft offers a set of programs and initiatives called Hyper-V Cloud.

Key Hyper-V Cloud Programs

To help you get started building your own private cloud with Microsoft products…click here

For pre-validated configurations from Microsoft and OEM server partners…click here

For partners who can host a dedicated private cloud for you….click here

What’s new in Windows Server 2008 R2 with Service Pack 1

Windows Server 2008 is the most advanced Windows Server operating system yet, designed to power the next generation of networks, applications, and Web services. With Windows Server 2008 you can develop, deliver, and manage rich user experiences and applications, provide a highly secure network infrastructure, and increase technological efficiency and value within your organization. Windows Server 2008 R2, now with Service Pack 1 (SP1), provides new virtualization technology that enables you to deliver more advanced capabilities to your business for increased IT efficiency and agility. Whether you want to consolidate servers, build a private cloud or offer Virtual Desktop Infrastructure, the addition of these powerful virtualization features enables you to take your datacenter and desktop virtualization strategy to a new level.

Windows Server 2008 R2 with SP1 Product Overview
Windows Server 2008 R2 with SP1 builds on the award-winning foundation of Windows Server 2008, expanding existing technology and adding new features. Just a few of the enhancements in this release include new virtualization tools consisting of an updated version of Hyper-V with Live Migration and Dynamic Memory, RemoteFX in Remote Desktop Services, improved power management, and added features with Windows 7 integration such as BranchCache and DirectAccess. Have greater control and the ability to react to business needs faster than ever before with powerful tools such as Internet Information Services (IIS) version 7.5, updated Server Manager and Hyper-V platforms and Windows PowerShell version 2.0.

Virtualize your Server and Desktop Infrastructure
Virtualization is a major part of today’s data centers. The operating efficiencies offered by virtualization allow organizations to dramatically reduce operational effort and power consumption. Windows Server 2008 R2 with SP1 provides the following virtualization types: Client and Server virtualization provided by Hyper-V and Presentation virtualization with Remote Desktop Services.

New Virtualization Technology in Hyper-V

Since the Windows Server 2008 release, Microsoft has introduced a new version of Hyper-V. Included as part of the Windows Server 2008 R2 with SP1 operating system, Hyper-V contains a number of core areas of improvements for creating dynamic virtual data centers and cloud computing, namely private cloud.  These improvements provide you with increased availability and performance, improved management, and simplified methods for deployment including live migration.  And, when combined with System Center, you are able to build out a dedicated private cloud environment to transform the way you deliver IT services to the business, using the infrastructure as a service (IaaS) model. Learn more about Hyper-V in Windows Server 2008 R2 with SP1.

Remote Desktop Services – Expanded Features in Remote Desktop Services

Remote Desktop Services provides users and administrators with both the features and the flexibility necessary to build the most robust access experience in any deployment scenario. To expand the Remote Desktop Services feature set, Microsoft has been investing in the Virtual Desktop Infrastructure, also known as VDI. VDI is a centralized desktop delivery architecture, which enables Windows and other desktop environments to run and be managed in virtual machines on a centralized server. Learn more about the Virtualization Platform in Windows Server 2008 R2.

Virtual Desktop Infrastructure (VDI): It’s an emerging architectural model where a Windows client operating system runs in server-based virtual machines (VMs) in the data center and interacts with the user’s client device such as a PC or a thin client. Similar to session virtualization (formerly known as Terminal Services), VDI provides IT with the ability to centralize a user’s desktop; instead of a server session, however, a full client environment is virtualized within a server-based hypervisor. With VDI, the user can get a rich and individualized desktop experience with full administrative control over desktop and applications. However, this architecture, while flexible, requires significantly more server hardware resources than the traditional session virtualization approach.

Key benefits of VDI are:

  • Better enablement of flexible work scenarios, such as work from home and hot-desking
  • Increased data security and compliance
  • Easy and efficient management of the desktop OS and applications

VDI Standard Suite and VDI Premium Suite
Microsoft provides two suite offerings to purchase and deploy VDI: Microsoft Virtual Desktop Infrastructure Standard Suite (“VDI Standard Suite”) and Microsoft Virtual Desktop Infrastructure Premium Suite (“VDI Premium Suite”). These two suites make it simple for customers to purchase the comprehensive Microsoft VDI infrastructure and management software, while providing excellent value amongst competing VDI offerings.

The Microsoft VDI Standard Suite is a complete VDI offering which offers the following features:

  • Desktop Delivery: Basic connection broker to deliver personalized and pooled virtual machine-based desktops in low-complexity environments
  • Web-based remote access and full-fidelity end user experience with Microsoft RemoteFX
  • Application Delivery: Separation of application layer from image with app streaming
  • Reduces app-to-app conflicts and need for regression testing
  • Easy application life cycle management via policies
  • Virtualization Platform: Reliable, micro-kernelized hypervisor with small footprint
  • Supports live migration
  • Management: Integrated, end-to-end management
  • Dynamic provisioning of apps to physical, virtual and session-based desktops
  • Rapid VM provisioning with cloned VHD’s
  • Support for failover clustering and storage migration
  • Patching, updating and monitoring of physical VDI host

Virtualization is a major part of today’s data centers. The operating efficiencies offered by virtualization allow organizations to dramatically reduce operational effort and power consumption, and increase IT flexibility.

Licensing Remote Desktop Services in Windows Server 2008 R2
Remote Desktop Services (RDS, formerly known as Terminal Services in Windows Server 2008) functionality in Windows Server 2008 R2 lets you remotely execute applications or an entire desktop on a Windows-based session host server from a wide range of devices over virtually any type of network connection; it also lets you remotely execute virtual machine-based (virtual) desktops on a Hyper-V-based virtualization host server. A server hosting Remote Desktop Services sessions can be referred to as a Remote Desktop Session Host (RDSH) Server, and an RDS server hosting virtual machines can be referred to as a Remote Desktop Virtualization Host (RDVH) Server. More information about the VECD license can be found here.

Remote Desktop Services Licensing Requirements

  • Windows Server Client Access License and TS/RDS Client Access License: In addition to a server license, a Windows Server Client Access License (CAL) is required to access the Windows Server software. If you wish to utilize the RDS functionality of the Windows Server software, an incremental Terminal Services Windows Server 2008 Terminal Services Client Access License (TS CAL), or the new Remote Desktop Services Client Access License (RDS CAL) is required as well. A TS or RDS CAL is required for each user or device. To be specific, a WS 2008 TS CAL or WS 2008 RDS CAL may access a server running Windows Server 2008 R2. An RDS CAL is functionally equivalent to a TS CAL.
  • Inclusion of App-V for TS in the Windows Server 2008 RDS CAL / TS CAL: Application compatibility and management is a driver of cost for many TS / RDS customers. By including the right to use App-V for TS as part of the TS & RDS CALs we have simplified licensing and enabled a broader set of RDS customers to enjoy the benefits that Microsoft Application Virtualization for Terminal Services provides which in addition to solving app-to-app conflicts and multiuser application conflicts also enables the RDS / TS customer to
  1. Consolidate Session Host / terminal servers and end server siloing
  2. End application conflicts and regression testing
  3. Accelerate application deployment for Session Hosts
  4. Reduce Deployment Risk
  5. Simplify Profile Management

DirectAccess Technical Overview for Windows 7 and Windows Server 2008 R2

The Windows® 7 and Windows Server® 2008 R2 operating systems introduce DirectAccess, a new solution that provides users with the same experience working remotely as they would have when working in the office. With DirectAccess, remote users can access corporate file shares, Web sites, and applications without connecting to a virtual private network (VPN). DirectAccess establishes bi-directional connectivity with the user’s enterprise network every time the user’s DirectAccess-enabled portable computer is connected to the Internet, even before the user logs on. With DirectAccess, users never have to think about whether they are connected to the corporate network. DirectAccess also benefits IT by allowing network administrators to manage remote computers outside of the office, even when the computers are not connected to a VPN. DirectAccess enables organizations with regulatory concerns to extend regulatory compliance to roaming computer assets.

Windows Server 2008 R2 Upgrade Paths..Click here

Windows Server 2008 R2 is the next major Windows Server release – Road Map


Microsoft Volume Licensing Reference Guide

Software acquired through Microsoft Volume Licensing is a software license only that gives users the right to run a Microsoft software product. Customers can save above retail boxed software prices when they participate in a Microsoft Volume Licensing program. By acquiring software licenses through Volume Licensing, you pay for only the software license and not for additional materials. With some Microsoft Volume Licensing programs, you can also purchase Microsoft Software Assurance for Volume Licensing. This single, cost-effective program can help boost organizational productivity with 24 hours a day, seven days a week (24×7) support, deployment planning services, end-user and technical training, and the latest Microsoft software releases and unique technologies.

When you acquire software through a Microsoft Volume Licensing program, you can choose to acquire media (or supplemental media), documentation, and product support separately via download or physical media as needed. This guide is an overview of the key features of Microsoft Volume Licensing programs. The information is presented by organizational type and size, two of the most important keys to determining your best Volume Licensing option. In addition to traditional on-premise software licenses, Microsoft offers subscriptions to cloud services through the Microsoft Online Services Program (MOSP). To learn how to add cloud services through your Volume Licensing agreement, download this reference guide.

The key chapters by organizational type are:

  • Commercial Business
  • Academic
  • Government
  • Charity
  • Software and Service Partners

Download the Microsoft Volume Licensing Reference Guide for a comprehensive review of each program. The Microsoft Volume Licensing Reference Guide provides comprehensive guidance to help you select the best options for the size, type, and business needs of your organization. This 79-page document details each of the Microsoft Volume Licensing programs in addition to covering the basics of product licensing and Microsoft Software Assurance. Each chapter includes case studies, tips, and next steps to assist you with the decision-making process. It is an excellent resource for those who want an in-depth look at Microsoft Volume Licensing and the ability to easily compare programs.

Thanks to Microsoft for releasing this document, in order to understand the licensing program.

Restricting email to the Internet on a per user AND per domain basis

This blog post is meant to show how easy it now is to accomplish this oft heard request in Exchange 2010. Transport rules, introduced with Exchange 2007, provided a lot of new options for administration of mail resulting in even more requests for additional functionality. The rules now have new predicates and actions extending the possibilities of what can be done. For our example, the rule will restrict “Active Directory mail-enabled users” who have their ‘Department‘ defined as ‘Temp Employees‘ from sending mail to the internet, except they must be allowed to send to 2 external domains called: ‘‘ and ‘‘. Additionally, to reduce Helpdesk calls, you want to send an NDR when they violate the rule. For demonstration purposes I will use 2 Conditions, one Action and one Exception.

The Microsoft Exchange Team Blog explains how to do it in Exchange 2010.
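
One way to express the rule described above (2 conditions, one action, one exception) in the Exchange Management Shell, as an added example that is not taken from this post or from the Exchange Team Blog. The rule name, the rejection text and the two `.example` domains are placeholders for values the page does not give.

```powershell
# Added example for the Exchange 2010 Management Shell.
# The two domains are placeholders; the real ones are not given on the page.
$AllowedDomains = 'partner-one.example', 'partner-two.example'
$RuleName       = 'Temp Employees - restrict Internet mail'   # hypothetical name

# The rule matches on the sender's Department attribute, so first list the
# accounts it will apply to and confirm the attribute is populated as expected.
Get-User -ResultSize Unlimited -Filter "Department -eq 'Temp Employees'" |
    Format-Table Name, Department, RecipientType -AutoSize

$rule = @{
    Name = $RuleName
    # Condition 1: the sender's Department attribute is 'Temp Employees'
    SenderADAttributeContainsWords = 'Department:Temp Employees'
    # Condition 2: the message is addressed outside the organization
    SentToScope = 'NotInOrganization'
    # Action: reject with an NDR that tells the sender why (fewer Helpdesk calls)
    RejectMessageReasonText = 'Your account may send Internet mail only to approved partner domains.'
    RejectMessageEnhancedStatusCode = '5.7.1'
    # Exception: the recipient address contains one of the allowed domains
    ExceptIfRecipientAddressContainsWords = $AllowedDomains
}
New-TransportRule @rule

# Review what was stored before relying on the rule.
Get-TransportRule -Identity $RuleName |
    Format-List Name, State, Priority, Conditions, Actions, Exceptions
```

Send one test message from a Temp Employees mailbox to an allowed domain and one to any other external domain to confirm that only the second produces the NDR.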

An error occurred during discovery of the database availability group topology. Error: An error occurred while attempting a cluster operation. Error: Cluster API “AddClusterNode() (MaxPercentage=12) failed with 0x80070005. Error: Access is denied.”

If the witness server you specify isn’t an Exchange 2010 server, you must add the Exchange Trusted Subsystem universal security group to the local Administrators group on the witness server. These security permissions are necessary to ensure that Exchange can create a directory and share on the witness server as needed. If the proper permissions aren’t configured, the following error is returned:
Error: An error occurred during discovery of the database availability group topology. Error: An error occurred while attempting a cluster operation. Error: Cluster API “AddClusterNode() (MaxPercentage=12) failed with 0x80070005. Error: Access is denied.”

If you specify a witness server, you must use either a host name or a fully-qualified domain name (FQDN). Using an IP address or a wildcard name isn’t supported. In addition, the witness server cannot be a member of the DAG.

To know more read Exchange server migration – 2007 to 2010 – Live cast

Un-installing/De-commissioning Exchange server 2007 Mailbox from Passive cluster node for Exchange 2010

  1. Open the command prompt on the passive mailbox server. Make sure you are logged in as domain administrator.
  2. Go to C:\Program Files\Microsoft\Exchange Server\Bin
  3. Type the command setup /mode:uninstall

Now you have successfully uninstalled the Exchange server mailbox role from the passive node, but the server's cluster environment information still exists, and we need to remove that as well.

To do that we need to…

  • Open the Cluster Management Tool
  • Expand the cluster resource name
  • Expand the Nodes
  • Right click the passive node server
  • Click on More actions -> click on “Stop cluster service”


Once you have clicked “Stop Cluster Service”, click on More actions again, click Evict and then click Evict Node.

Once you have done this, restart the server.

Once the server is up, do the following too:

  1. Open the Server manager console
  2. Click on Features and then click on Remove Features
  3. Uncheck Failover Clustering
  4. Click on Yes to reconfirm and click on NEXT
  5. Click on Remove.
  6. After the Server is restarted
  7. Remove any remaining files and folders from the Exchange Server program files folder and subfolders.

That’s the end of Exchange Server 2007 Mailbox de-commissioning on a passive node. Now go to the active mailbox server of Exchange Server 2007.

This process is not the same as for the passive node. Here we can’t rely on the uninstall command alone, because this server holds the clustered mailbox server information and it is online. To remove it:

Go to the command prompt and change the directory to C:\Program files\Microsoft\Exchange Server\Bin

Type the command setup /removeCMS /CMSName:<Clustername>

This will now take the mailbox offline from the cluster.

Now type setup /mode:uninstall

Once you finish this uninstallation, Exchange server 2007 last mail box has been remove from your do the evict

Go to the command prompt (if the command prompt is already open, close it and reopen it) and then type:

Cluster <mailbox cluster name> node <nodename> /force


Now you are completely dependent on Exchange Server 2010.