Offline Address Book Download fails with error -0x80190197

Suppose if you guys see that one of the client machine is failing to download the address book we basically look at the connectivity and URL availability etc, in additionally we will also dig at BITS service to see if it is started. Even if everthing is showing up and good -some time OAB download will fail and show the error message 0x80190197.

What do we do then, verify if the BITS service is V2. Yes, this sounds stupid but in reality BITS v2 authenticates differently then V1.

-The client program that is using BITS 2.0 does not specify that the credentials of the client can be used by calling the IBackgroundCopyJob2::SetCredentials method.
-The Microsoft LAN Manager compatibility level (LmCompatibilityLevel) on the BITS 2.0 client contains a value that is set to 1 or to 0. You can find the LAN Manager compatibility level entry on the following registry subkey: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\LmCompatibilityLevel
-The file transfer is performed through a Windows-based server or a Windows-based Internet proxy server that requires Integrated Windows authentication.

Resolution:
UseLmCompat registry value in the HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\BITS subkey, and then add a DWORD value of 0. To do this, follow these steps on the BITS 2.0 client computer: 1. Click Start, click Run, and then type regedit.

2. Locate the following subkey: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\BITS

3. Right-click BITS, point to New, click DWORD Value, type UseLmCompat, and then press ENTER.

4. In the right pane, right-click UseLmCompat, and then click Modify.

5. In the Value data box, type 0, and then click OK.

6. Quit Registry Editor.

7. Restart the BITS 2.0 service

Steps to Add Iron Port device in Cluster

Steps to follow in order to add the IronPort device into the Cluster-(while using CCH key –port 2222)

a) Login to 192.168.1.2:

Before we could add the new device into the Cluster, we would need to remove the stale entry of older device from the cluster. In order to do so please follow the below steps

 login to clusterconfiguration by running clusterconfig command
 Hit the command “removemachine” and remove the machine from the cluster

Steps to add the new device :

(Machine ironport-c150-2.revenge.com) (SERVICE)> clusterconfig

This command is restricted to “cluster” mode. Would you like to switch to “cluster” mode? [Y]>Y

Cluster L-C150

Choose the operation you want to perform:
– ADDGROUP – Add a cluster group.
– SETGROUP – Set the group that machines are a member of.
– RENAMEGROUP – Rename a cluster group.
– DELETEGROUP – Remove a cluster group.
– REMOVEMACHINE – Remove a machine from the cluster.
– SETNAME – Set the cluster name.
– LIST – List the machines in the cluster.
– CONNSTATUS – Show the status of connections between machines in the cluster.
– COMMUNICATION – Configure how machines communicate within the cluster.
– DISCONNECT – Temporarily detach machines from the cluster.
– RECONNECT – Restore connections with machines that were previously detached.
– PREPJOIN – Prepare the addition of a new machine over CCS.
[]> list

Cluster L-C150
==============
Group Main_Group:
Machine ironport-c150-2.revenge.com (Serial #: 001D09FB7DE2-GJ5X4G1) -> Verified that only 192.168.1.2 was into the cluster

Cluster L-C150

Choose the operation you want to perform:
– ADDGROUP – Add a cluster group.
– SETGROUP – Set the group that machines are a member of.
– RENAMEGROUP – Rename a cluster group.
– DELETEGROUP – Remove a cluster group.
– REMOVEMACHINE – Remove a machine from the cluster.
– SETNAME – Set the cluster name.
– LIST – List the machines in the cluster.
– CONNSTATUS – Show the status of connections between machines in the cluster.
– COMMUNICATION – Configure how machines communicate within the cluster.
– DISCONNECT – Temporarily detach machines from the cluster.
– RECONNECT – Restore connections with machines that were previously detached.
– PREPJOIN – Prepare the addition of a new machine over CCS.
[]> prepjoin

Prepare Cluster Join Over CCS -> we would need to select the PrepJoin option in order to make the new IronPort device ready for CCS connection and to apply the key

No host entries waiting to be added to the cluster.

Choose the operation you want to perform:
– NEW – Add a new host that will join the cluster.
[]> new

Enter the hostname of the system you want to add.
[]> ironport-c150-1.revenge.com

Enter the serial number of the host ironport-c150-1.revenge.com.
[]> ******************

Enter the user key of the host ironport-c150-1.revenge.com.-> This can be obtained by typing “clusterconfig prepjoin print” in the CLI on ironport-c150-1.revenge.com.

=======================================================================

GO back to 192.168.1.1:

ironport-c150-1.revenge.com (SERVICE)> clusterconfig prepjoin print

Host: ironport-c150-1.revenge.com
Serial Number: ******************
User Key:
ssh-dss
AAAAB3NzaC1kc3MAAACBAJylPNMwuIwzGB9hZRMWbj8t9Caz6v/Dc7iCB2Md9nBq8g1xuXAf4pje
Ea+QMSleatRpPoVFhYP9iJEc+8fppxgiNAfvuJ9WjpUGDGWK0/1Zkp1h5wyrxZwSuhZoGo+v
Ea+QMSleatRpPoVFhYP9iJEc+4Hhp
VUz7fg2aJfo1YpW+wEmEM2d83YN8LAnsMtUnK2ZzAAAAFQDnoJ3LVN7KzD5+KGtwQd/aMZ6t
VUz7fg2aJfo1YpW+wEmEM2d83YN8LAnsMtUnK2ZzAAAAFQDnoJ3LVN7KzD5+SQAA
AIBz9Ax0KYfufEN0QhfFSawiOuCQqPqNEJTDHjPHZPzAl1x/G86v+oh85Vpp+rleaPU8fDEbf1RV
ixiYsKIu/Lj5qgoOb8FbiwB7siH3ioD2SG5YF/Rjw3NYtZSmT1HrmiW389cZTC//KgEL5o4JlyX1
8BqOApaO0gg8AdIvP7Z9OAAAAIBUyZ6uJDCPDhKxy2RuqKdYKfzgeARFPlGtbsnPk0V3Xgc4Eved
yWWhdLQ13/XXvZRS6aG2dyLBD0our8B+4CTwYgtaffzH5XKb6voigFJnuX3k2+bNONhIkSDeFw93
GTGUgUubDXdi/Azkx+mQaRu8RTssG2h1JBKxM0OW5Ps1Ow==

================================================================================
Continuing the addition process on 192.168.1.2 :

Copy the above content to the User Key section on Press enter on a blank line to finish.
ssh-dss
AAAAB3NzaC1kc3MAAACBAJylPNMwuIwzGB9hZRMWbj8t9Caz6v/Dc7iCB2Md9nBq8g1xuXAf4pje
Ea+QMSleatRpPoVFhYP9iJEc+8fppxgiNAfvuJ9WjpUGDGWK0/1Zkp1h5wyrxZwSuhZoGo+v
Ea+QMSleatRpPoVFhYP9iJEc+4Hhp
VUz7fg2aJfo1YpW+wEmEM2d83YN8LAnsMtUnK2ZzAAAAFQDnoJ3LVN7KzD5+KGtwQd/aMZ6t
VUz7fg2aJfo1YpW+wEmEM2d83YN8LAnsMtUnK2ZzAAAAFQDnoJ3LVN7KzD5+SQAA
AIBz9Ax0KYfufEN0QhfFSawiOuCQqPqNEJTDHjPHZPzAl1x/G86v+oh85Vpp+rleaPU8fDEbf1RV
ixiYsKIu/Lj5qgoOb8FbiwB7siH3ioD2SG5YF/Rjw3NYtZSmT1HrmiW389cZTC//KgEL5o4JlyX1
8BqOApaO0gg8AdIvP7Z9OAAAAIBUyZ6uJDCPDhKxy2RuqKdYKfzgeARFPlGtbsnPk0V3Xgc4Eved
yWWhdLQ13/XXvZRS6aG2dyLBD0our8B+4CTwYgtaffzH5XKb6voigFJnuX3k2+bNONhIkSDeFw93
GTGUgUubDXdi/Azkx+mQaRu8RTssG2h1JBKxM0OW5Ps1Ow==

Host ironport-c150-1.revenge.com added.
============================================================================
=
Once the device is configured to use CCH key, login to 192.168.1.1 once again and run the below commands to add the device into the cluster

ironport-c150-1.revenge.com (SERVICE)> clusterconfig

Do you want to join or create a cluster?
1. No, configure as standalone.
2. Create a new cluster.
3. Join an existing cluster over SSH.
4. Join an existing cluster over CCS.
[1]> 4

While joining a cluster, you will need to validate the SSH host key of the remote machine to which you are joining. To get the public host key fingerprint of the remote host, connect to the cluster and run: logconfig -> hostkeyconfig -> fingerprint.

In order to join a cluster over CCS, you must first log in to the cluster and tell it that this system is being added. On a machine in the cluster, run “clusterconfig -> prepjoin -> new” with the following information and commit.
Host: ironport-c150-1.revenge.com
Serial Number: *****************
User Key:
ssh-dss
AAAAB3NzaC1kc3MAAACBAJylPNMwuIwzGB9hZRMWbj8t9Caz6v/Dc7iCB2Md9nBq8g1xuXAf4pje
Ea+QMSleatRpPoVFhYP9iJEc+8fppxgiNAfvuJ9WjpUGDGWK0/1Zkp1h5wyrxZwSuhZoGo+v
Ea+QMSleatRpPoVFhYP9iJEc+4Hhp
VUz7fg2aJfo1YpW+wEmEM2d83YN8LAnsMtUnK2ZzAAAAFQDnoJ3LVN7KzD5+KGtwQd/aMZ6t
VUz7fg2aJfo1YpW+wEmEM2d83YN8LAnsMtUnK2ZzAAAAFQDnoJ3LVN7KzD5+SQAA
AIBz9Ax0KYfufEN0QhfFSawiOuCQqPqNEJTDHjPHZPzAl1x/G86v+oh85Vpp+rleaPU8fDEbf1RV
ixiYsKIu/Lj5qgoOb8FbiwB7siH3ioD2SG5YF/Rjw3NYtZSmT1HrmiW389cZTC//KgEL5o4JlyX1
8BqOApaO0gg8AdIvP7Z9OAAAAIBUyZ6uJDCPDhKxy2RuqKdYKfzgeARFPlGtbsnPk0V3Xgc4Eved
yWWhdLQ13/XXvZRS6aG2dyLBD0our8B+4CTwYgtaffzH5XKb6voigFJnuX3k2+bNONhIkSDeFw93
GTGUgUubDXdi/Azkx+mQaRu8RTssG2h1JBKxM0OW5Ps1Ow==

Choose the interface on which to enable the Cluster Communication Service:
1. Management (192.168.1.1/26: ironport1.revenge.com) [1]> 1

Enter the port on which to enable the Cluster Communication Service:
[2222]>

Enter the IP address of a machine in the cluster.
[]> 192.168.1.2

Enter the remote port to connect to. This must be the CCS port on the machine “192.168.1.2”, not the normal admin ssh port.
[2222]>

Joining cluster group Main_Group.
Joining a cluster takes effect immediately; there is no need to commit.

Now the devices are into the cluster and below commands were used to see what are the devices which are running into the cluster:

To check on both system run clusterconfig , list

Cluster L-C150) (SERVICE)> clusterconfig

Cluster L-C150

Choose the operation you want to perform:
– ADDGROUP – Add a cluster group.
– SETGROUP – Set the group that machines are a member of.
– RENAMEGROUP – Rename a cluster group.
– DELETEGROUP – Remove a cluster group.
– REMOVEMACHINE – Remove a machine from the cluster.
– SETNAME – Set the cluster name.
– LIST – List the machines in the cluster.
– CONNSTATUS – Show the status of connections between machines in the cluster.
– COMMUNICATION – Configure how machines communicate within the cluster.
– DISCONNECT – Temporarily detach machines from the cluster.
– RECONNECT – Restore connections with machines that were previously detached.
– PREPJOIN – Prepare the addition of a new machine over CCS.
[]> list

Cluster L-C150
==============
Group Main_Group:
Machine ironport-c150-1.revenge.com
Machine ironport-c150-2.revenge.com

Note : please note that cluster group name is Cluster L-C150

What the Heck is ADRMS, kept scrating my head when i heard about it first

What is AD RMS:

Windows Rights Management Services (also called Rights Management Services, Active Directory Rights Management Services or RMS) is a form of Information Rights Management used on Microsoft Windows that uses encryption and a form of selective functionality denial for limiting access to documents such as corporate e-mail, Word documents, and web pages, and the operations authorized users can perform on them. Companies can use this technology to encrypt information stored in such document formats, and through policies embedded in the documents, prevent the protected content from being decrypted except by specified people or groups, in certain environments, under certain conditions, and for certain periods of time. Specific operations like printing, copying, editing, forwarding, and deleting can be allowed or disallowed by content authors for individual pieces of content, and RMS administrators can deploy RMS templates that group these rights together into predefined rights that can be applied.

How does it benefit:

Safeguard sensitive information. Applications such as word processors, e-mail clients, and line-of-business applications can be AD RMS-enabled to help safeguard sensitive information Users can define who can open, modify, print, forward, or take other actions with the information. Organizations can create custom usage policy templates such as “confidential – read only” that can be applied directly to the information.
Persistent protection. AD RMS augments existing perimeter-based security solutions, such as firewalls and access control lists (ACLs), for better information protection by locking the usage rights within the document itself, controlling how information is used even after it has been opened by intended recipients.
Flexible and customizable technology. Independent software vendors (ISVs) and developers can AD RMS-enable any application or enable other servers, such as content management systems or portal servers running on Windows or other operating systems, to work with AD RMS to help safeguard sensitive information. ISVs are enabled to integrate information protection into server-based solutions such as document and records management, e-mail gateways and archival systems, automated workflows, and content inspection.

Exchange 2010 and AD RMS:

Exchange 2010 IRM leverages the power of Active Directory Rights Management Service (AD RMS) to digitally protect documents (mails, etc.…) by assigning specific usage rights to them. You can for instance prevent forwarding or printing of a message and even prevent saving of attachments. What RMS will not do is prevent from taking screenshots.

Pre-defined template can be created on the RMS in order to publish those to the users, while users is trying to send the emails he can use the pre-defined templates from his Outlook or WebApp and send the restricted emails.

This feature is not only limited to the Client end, Administrator can add the custom based templates to the Transport rules and restricted emails can be sent by using Exchange Transport rules.

How Does it Work:

Suppose if a user wants to send a Document/Mail to another user he will specify what kind of permission does the receiver should have, it may be either Read only/write/Full/Do not Print/Do not forward access etc, Once the document or Email has been received by recipient and he will try to open the document and communicates with AD RMS to retrieve their permissions to the document. If the document has read access set for this user then this is all the user is able to do. They cannot save or change the document in anyway. And if the user has no permission set against the document, then they cannot even open it.

Limitations:

AD RMS can be made useful only internally, because the emails or documents contacts AD RMS server within the environment to encrypt/Decrypt or to retrieve the applied permissions.

Hardware Requirement:

Looking at the environment we would suggest to have a separate server for installing the AD RMS, may be a Virtual server with the below specification would suffice

Processor: Two processors with 3 GHz or higher

RAM: 1024 MB minimum

Hard Disk: 80GB

Software requirement:
Operating system: Windows Server 2008 or Windows Server 2008 R2
Web Services: IIS and ASP.NET

Database: AD RMS requires database, such as Microsoft SQL server 2005

To read further, refer the below URL : http://www.proexchange.be/blogs/exchange2010/archive/2011/08/15/integrating-ad-rms-with-exchange-2010-part-1.aspx

Delegate settings not saved correctly

Below is the error which we get to see when providing delegate access on the calendar

“The Delegates settings were not saved correctly.Cannot activate send-on-behalf list.
You do not have sufficient permission to perform this operation on this object”

In this case even though you have all the necessary permissions you would get to see the error, add the below registry entry on the client machine from where you are trying to perform this operation.

HKEY_CURRENT_USER\Software\Microsoft\Office\\Outlook\Preferences
DWORD: IgnoreSOBError
Value: 1

For more details read the below URL 🙂
http://social.microsoft.com/Forums/en-US/partnermsgexchange/thread/214ad234-2f9e-4160-add5-5c2da2358a90

Enable Outlook Troubleshoot loggin -Outlook 2011

Turn on logging

1. On the Window menu, click Error Log.
2. In the Errors window, click Settings .
3. Select the Turn on logging for troubleshooting check box, and then click OK.

Notes
• Data files that have the name Microsoft Outlook_Troubleshooting_0.log are written to the desktop.
• Outlook does not include authentication information in the data files.
• Outlook appends new log entries to the data file until the file is either moved or deleted.