There have been a number of changes to the security certificate world lately. Validity periods have shrunk from 3 years to 2 years and now to 1 year. SHA256 has taken over the world. Wildcard certificates have gone from risky to accepted and supported in many scenarios. All this means we are all rekeying and deploying certificate’s a lot more. Just to make it more fun, there are more options involved. So, it is best to make the task as error free and quick as possible.
WINS is old but still in use in many environments. I upgraded a 2003 domain to 2008 R2 and discovered something about WINS that is worth knowing if you are installing it on a 2008 R2 or newer server.
When you add the WINS feature, it appears to install correctly but some of the server settings are corrupt. Specifically, if you open the server settings and select the ‘Intervals’ tab you will see this:
If your ActiveSync device keeps asking you for your password this could be the reason.
I seldom get time to write here but when I see the same issue come up multiple times, I try to get something on-line about it.
In this case it is Exchange 2010 and Active Sync phones.
I ran into a rather obscure Exchange Availability Service behavior that will be of little interest to most. So, if you are not working at a hosting company or have never heard of the ‘msExchQueryBaseDN’ attribute, save yourself some time and skip this post.
The ‘msExchQueryBaseDN’ attribute is used to restrict Outlook Web Access’ (OWA) search for mail enabled objects in Active Directory (when simulating the Global Address List) — or at least that is what it was originally used for. Rather than searching for all mail enabled objects, it will search only a portion of Active Directory. The attribute is usually not set because most Exchange organizations have only one Global Address List – The ‘Default Global Address List’ which contains all mail enabled objects.
If you don’t understand why there would be more than one GAL, stop reading here.