Tuesday, February 14, 2017

Add Color coded PowerShell code to your Blogger page

I wanted a nicer way to show PowerShell code on my page here.
So after a little bit of searching a came across the PowerShell ISE.
Now thats nothing new, but what i didn't know is that you can add "add ons" to the ISE and with that it becomes even more fun.

To be able to add color coded PowerShell code to your blog install the module "IsePackV2"

If you haven't set Chocolatey and PSGallery as Packagesource and trusted them then run:
Get-PackageProvider -Name PSGallery -Force           
Set-PackageSource -Name PSGallery -Trusted            
Get-PackageProvider -Name Chocolatey -Force            
Set-PackageSource -Name Chocolatey -Trusted

This Add on needs some additional modules so we'll install all in one go.
You can run this in PowerShell Ise or regular PowerShell but both must be run with elevated permissions:
Install-Module IsePackV2 -AllowClobber            
Install-Module ShowUI -AllowClobber            
Install-Module RoughDraft -AllowClobber            
Install-Module Pipeworks -AllowClobber            
Install-Module EZOut -AllowClobber            
Install-Module ScriptCop -AllowClobber            
Import-Module IsePackV2

When running the PowerShell ISE as Administrator and running Import-Module IsePackV2 there will be some error. I don't know where it comes from, i'll have to look in to that later.
But for now the thing your looking for is the add on we just added.

The way this is as follows.
Your type some stuff in the script pane in the ISE.

Select and copy it, go to Add-ons -> IsePack -> Edit -> Copy-ColoredAsHtml.
As soon as you click "Copy-ColoredAsHtml" it on your clipboard.
Now go to your blog editor and paste the text in the Html editor page:

And then it will look like this on your blog:

Load Exchange 2013 PowerShell Cmdlets when starting PowerShell ISE everytime

Start PowerShell ISE with an account that has administrative privileges.CAUTION: Make sure that you start Windows PowerShell ISE, which is 64-bit, rather than Windows PowerShell ISE (x86) which is 32-bit.

Enter the command test-path $profile. This will either return a True or a False.
If it returns False then you can create a profile for yourself using the following command.

if (!(test-path $profile)) {new-item -type file -path $profile -force}

The path to the profile is provided, e.g. C:\Users\SP_Admin\Documents\WindowsPowerShell. The name of the file is also provided, e.g. Microsoft.PowerShellISE_profile.ps1.

Open the .ps1 file in Notepad. The file will be blank. Enter the following command and then save the file (File, Save). Make sure that the file is saved with the original .PS1 extension and not .txt.

Add-PSsnapin *Exchange* -ErrorAction SilentlyContinue

Close and restart the PowerShell ISE. Your Exchange PowerShell cmdlets should now be available to you. Verify this by typing any Exchange PowerShell cmdlet. For example type the following command.
Get-ExchangeServer | fl name,edition,admindisplayversion

And you can add some other's ofcourse:
Import-Module IsePackV2 -Force

Sunday, February 12, 2017

Steps for renewing NDES Service Certificates

Well this was a life saver once again, being on vacation the moment this was implemented, and the supplied documentation by the 3rd party that did that being insufficient, this saved my a s s.
And as stated by the blogger "chdelay" there's not a lot of info to be found on this matter.

For those organizations that used the Network Device Enrollment Service run into the process for renewing the certificates for NDES. I never was able to find good instructions on how to do this. So, I had no choice but to create my own. The steps in this blog posting cover how to renew the certificates used by the Network Device Enrollment Service. You will need to be logged in as an Enterprise Admin for most of the steps outlined in this posting.

Step 1: First give the NDES Server Read and Enroll permission to the CEP Encryption Certificate Template.

Step 2: Open the certificates MMC targeted to the computer. Expand Personal. Right-click on Certificates. From the context menu select All Tasks then Renew Certificate with New Key…

Step 3: On the Before You Begin page of the wizard, click Next.

Step 4: On the Request Certificates page, click Enroll.

Step 5: On the final page of the wizard, click Finish.

Step 6: Open Certmgr.msc as a user that has Read and Enroll permissions to the Exchange Enrollment Certificate Template. Expand Personal, right click on Certificates. Select All Tasks, and then Request New Certificate…

Step 7: On the Before You Begin page, click Next.

Step 8: On the Select Certificate Enrollment Policy page, click Next.

Step 9: Select the Exchange Enrollment Agent certificate template, and click the More information is required to enroll for this certificate. Click here to configure settings. link.

You will want to user the same Subject Name that is in your current Exchange Enrollment certificate. The following steps illustrate the steps needed to do this. You can find the current subject name by opening the Certificates MMC targeted to the local machine and then open the existing Exchange Enrollment Agent certificate. In my example the name was CN=FCNDES01-MSCEP-RA,C=US.
Step 10: Under Subject Name ensure that Common Name is selected and under Value enter the common name that is in your existing certificate. Then click Add.

Step 11: Change the Type to Country and under Type the country code that is your existing Exchange Enrollment Agent certificate.

Step 12: Click Add

Step 13: On the Private Key tab, select Make private key exportable. Then click OK.

Step 14: Then click Enroll.

Step 15: Right-click on the Exchange Enrollment certificate in the users personal store. Select Export…

Step 16: When the Certificate Export Wizard opens, click Next.

Step 17: On the Export Private Key page, select Yes, export the private key.

Step 18: On the Export File Format page, select Personal Information Exchange – PKCS #12 (.PFX)

Step 19: On the Password page, enter a password and click Next.

Step 20: On the File to Export page, click the Browse… button. Select the file name and save location. When finished click Next.

Step 21: n the final page of the wizard, click Finish.

Step 22: Then click OK.

Step 23: In the Certificate MMC on the NDES Server that is targeted to the computer, expand Personal. Right-click on Certificates. From the context menu, select All Tasks and then Import…

Step 24: On the Welcome page, click Next.

Step 25: Browse to the PFX file you previously created, and click Next.

Step 26: On the Password page, enter the password associated with the PFX file.

Step 27: On the Certificate Store page, click Next.

Step 28: On the final page of the wizard, click Finish.

Step 29: Then click OK.

Step 30: In the Certificate MMC on the NDES Server that is targeted to the computer, expand Personal. Right-click on the old Exchange Enrollment certificate, and select Delete.

Step 31: Then click Yes, to accept the deletion.

Step 32: Right click on the new Exchange Enrollment certificate. From the context menu, select All Tasks then Manage Private Keys…

Step 33: Add the NDES service account and ensure that it just has Read permission. Click OK.

Step 34: Right click on the new CEP Encryption certificate. From the context menu, select All Tasks then Manage Private Keys…

Step 35: Add the NDES service account and ensure that it just has Read permission. Click OK.

Step 36: Reset IIS using iisreset command.


Wednesday, February 8, 2017

Upcoming Exchange 2013 CU16 requires .NET 4.6.2, .NET 4.6.1 no longer supported

The upcoming CU16 for Exchange 2013 requires .NET 4.6.2.
Expect the CU16 to check for the latest .Net version prior to installing as a prerequisite check.

Microsoft .NET Framework

The following table identifies the version of the Microsoft .NET Framework that can be used together with each version of Exchange. Supported versions are identified by an X character.
Releases of .NET Framework that aren't listed in the table below are not supported on any version or release of Exchange. This includes minor and patch-level releases of .NET Framework.

.NET Framework
Exchange 2016 CU3 and later
Exchange 2016 CU2
Exchange 2013 CU15 and later
Exchange 2013 CU14
Exchange 2010 SP3
.NET Framework 3.5

.NET Framework 3.5 SP1

.NET Framework 4.0

.NET Framework 4.5

.NET Framework 4.5.1


.NET Framework 4.5.2

.NET Framework 4.6.1

.NET Framework 4.6.2


  1. If you are using Windows Server 2012, the .NET Framework 3.5 must be installed before you can use Exchange 2010 SP3.
  2. Exchange 2010 uses only the .NET .NET Framework 3.5 and .NET .NET Framework 3.5 SP1 libraries. It doesn't use the .NET .NET Framework 4.5 libraries if they're installed on the computer. We support the installation of any major or minor version of .NET .NET Framework 4.5 (for example, .NET .NET Framework 4.5.1, .NET .NET Framework 4.5.2, and so on) as long as .NET .NET Framework 3.5 or .NET .NET Framework 3.5 SP1 are also installed on the computer.
  3. If you're upgrading from a previously installed Exchange cumulative update, we strongly recommend that you install the latest cumulative update before .NET Framework 4.6.1 and its related post-release fixes.
  4. .NET Framework 4.6.1 requires post-release fixes if you want to install it on a server running a supported version of Exchange. The following are the .NET Framework 4.6.1 post-release fixes needed for Exchange.

Sunday, February 5, 2017

Install SQL 2008 SP3 - Windows Update Error Code 84BE0BCE

When trying to install the SQL 2008 service pack 3(KB2979597) (or the security update KB3045316) through WSUS (on premise) you may encounter the following error:

Windows Update Error Code 84BE0BCE, now this doesn't say anything useful so to the Google-O-Matic we go.
Many will suggest to install the SP3 manually, so after downloading the file and running the installer I got this:

Not very useful as well...

Turns out there's a command line installation option with this (I never would have guessed I never do anything with SQL).
The option is to skip the cluster check like this:

C:\Temp\SQLServer2008R2SP3-KB2979597-x64-ENU.exe :\Setup /SkipRules=Cluster_IsOnlineIfClustered /action=patch

The same goes for KB3045316:

SQLServer2008R2-KB3045316-x64.exe :\Setup /SkipRules=Cluster_IsOnlineIfClustered /action=patch

And then you can install the SP3 without the error in the first screenshot because the cluster check rule is skipped.