Forefront UAG 2010: Change Internal Network Range

Published on Monday, February 21, 2011 in

Very recently I started toying around with UAG (Unified Access Gateway)  2010. Right after installing and following step 1 of the wizard (select your Internal Network) I decided to change my subnets. Changing network adapters to another subnet is easy, however my UAG configuration fun was halted for some reason:


In words:

The UAG configuration cannot be retrieved from Forefront TMG storage. An error has occurred and UAG will close. Check that TMG services are running. If the UAG server is a domain member, verify connectivity to the domain controller.

Luckily I know TMG (Threat Management Gateway). The UAG manages this TMG instance for you by letting you complete various wizards. I couldn’t access the UAG console but the TMG console launched just fine. This allowed me to change the Internal Network definition:


After a reboot I was able to launch the UAG console. Promptly it presented me the following question:


In my opinion that should rather be an OK box than a yes/no prompt as the no option sounds rather unpleasant… Smile


And now we’re off the discover what’s UAG all about!


Exchange: Move Mailbox Remote Credentials Format

Published on in

In the project I’m currently involved, my colleagues are planning to migrate several mailboxes to a new Exchange 2010 platform. This particular issue was encountered when migrating mailboxes from Exchange 2007 (cross-forest) to Exchange 2010. They are currently running several test migrations so we can get an estimate of the amount of mailboxes we can migrate in a given timeframe. Using the New-MoveRequest cmdlet and some PowerShell magic they were processing 100 mailboxes one by one. Oddly a lot of them failed with the following error:


In words:

Failed to reconnect to Active Directory server dc.domain.tld. Make sure the server is available, and that you have used the correct credentials.
    + CategoryInfo          : NotSpecified: (0:Int32) [New-MoveRequest], RemoteTransientException
    + FullyQualifiedErrorId : A46C2901,Microsoft.Exchange.Management.RecipientTasks.NewMoveRequest

After trying the same New-MoveRequest command 5 or 6 times in a row all of a sudden the command finished successfully. Hmm that’s odd! As I’m sitting across my issue radar got activated and I launched google and stumbled upon the following topic: Not able to do a Cross forest Migration between E2k3-E2k7

The solution mentioned over there is to use the <FQDN of domain>\<username> format instead of the <NetBIOS domain name>\<username> when specifying the Remote Credentials. These credentials belong to a user which has permissions on the source mailboxes. Don’t ask for any logical explanation, but it sure did the trick.

For an overview of all supported logon credentials formats, see: KB929272: Interactive logon styles and Key Distribution Center account lookup in Windows Server 2003


Microsoft Community Contributor Award!

Published on Thursday, February 17, 2011 in

When I opened my mail today I was glad to see I got awarded with the Microsoft Community Contributor Award for 2011. It’s great to be recognized for my blogging, TechNet forums & wiki efforts. Thanks Microsoft! Thanks Community! Participating in this community is about giving and taking. I’m more than glad to do my fair share of sharing information!


For those that don’t know the award: Microsoft Community Contributor FAQ


FIM 2010: Synchronization Service Crashes

Published on in

This post will be quick and dirty. I just want to lead people having the error message below to the correct KB article and fix. I myself was seeing the error below whilst running export run profiles on my AD MA. Nothing particular was being exported, just running scheduled runs. Every once in a while the Synchronization Service seemed to crash.

The error:

The description for Event ID 0 from source FIMSynchronizationService cannot be found. Either the component that raises this event is not installed on your local computer or the installation is corrupted. You can install or repair the component on the local computer.
If the event originated on another computer, the display information had to be saved with the event.

The following information was included with the event:

There is an error in Exch2010Extension BeginExportToCd() function.Type: System.Threading.ThreadAbortException

Message: Thread was being aborted.

Stack Trace:    at System.Threading.WaitHandle.WaitOneNative(SafeWaitHandle waitHandle, UInt32 millisecondsTimeout, Boolean hasThreadAffinity, Boolean exitContext)
   at System.Threading.WaitHandle.WaitOne(Int64 timeout, Boolean exitContext)
   at System.Management.Automation.Runspaces.AsyncResult.EndInvoke()
   at System.Management.Automation.Runspaces.Internal.RunspacePoolInternal.EndOpen(IAsyncResult asyncResult)
   at System.Management.Automation.Runspaces.RunspacePool.Open()
   at System.Management.Automation.RemoteRunspace.Open()
   at Exch2010Extension.Exch2010ExtensionClass.OpenConnection(String uri, PSCredential credential)
   at Exch2010Extension.Exch2010ExtensionClass.BeginExportToCd(String connectTo, String domain, String server, String user, String password)

This particular issue was solved in KB2028634 (FIM 2010 build 4.0.3547.2): check out Synchronization Engine issue 12: The Exchange Serer 2010 PowerShell cmdlets causes the FIM Sync Service to crash when the cmdlets time out.