Good news is you don’t have to reissue. Open the MMC for Certificates and open the Properties for that certificate. Change the Friendly Name to match the CN: *.domain.com. IIS bindings should then light up the host name field.

After investigating the logs, I found that there was a two+ minute lag where Lync kept trying to log in via lync.domain.com:5061.  Lync is typically the web service address (listening on 443) and will not work, so It would then fail back to 443 (or maybe sip.domain.com:443, can’t remember) and then work, but only after that long wait.

I fixed it by turning off automatic config and setting servers to sip.domain.com:443.  Now it connects instantly on startup.

Starting in April 2012 I wasn’t able to upload any new files and with CloudApp’s fast support I found out that it could be my web filter.  I’m using Dyn.com’s great (and free) service for protecting my home network from malicious web sites via a slick DNS filter.  Dyn uses Barracuda Networks as it’s web filter backend, and recently added CloudApp’s domain’s to the bad list, which I imagine is common with download or short-link sites where the hoster can’t control the content.

Thanks to CloudApp support, I found the domains to add to your web filter whitelist: cl.ly and cld.me

As a consulting engineer for various small and large organizations, I can say it is the norm for users to actually be de facto monitoring solution.  They are the first to know of an outage.  Many small and medium business admins settle for this because they (and management) seem to assume that either:

1. Good server monitoring is expensive or too hard to even consider.
2. That it’s possible to prevent some outages with basic monitoring.

All this goes on while server manufactures and the Windows Server OS doesn’t offer the one feature they need: a basic built-in notification service for the 20% of issues that cause 80% of the problems.  Hardware and OS’s tend to log the problems, but those get lost in a sea of log data.  Why doesn’t my Dell server ask me for an email address to notify of hardware errors/warnings on first boot?  Why doesn’t Windows have a one-button option to turn on basic email alerting of service failures, unplanned reboots, or other monitoring 101 stuff?

Well enough wishing.  Time we did something about that for those who don’t have the time, budget, server recourses, or skills to deploy an in-house monitoring solution.

Sign up for my beta invite list and stop guessing if your servers are OK. http://winsitter.com

Below is a summary of a talk I gave to Hampton Roads .NET User Group in January 2012.

1st Part: Tools Developers Should (but don’t) Talk About

Developers are usually busy being great developers and just what their systems to work.  I’ve spent many years figuring out how to protect those systems and keep them running.  In this first part I’ve detailed the tools I feel are maybe outside the realm of a developers expertise but should still be running on their systems.

• Web Of Trust - Under the category of “save you from yourself”. A browser add-in that helps you determine if a link or site leads you to a “bad” web page.  By “bad” it could be malicious, untrustworthy, or not safe for families, etc.  It’s user-driven so not always 100% correct (I’ve seen false positives) but the best feature is showing it’s stoplight indicators on google search results.  If you actually goto a page that’s suspect, it’ll darken the page and give you a big “are you sure”?
• DynDNS Internet Guide (or Google Public DNS) – Similar result to Web Of Trust but more behind the scenes.  Honestly I think every home network router should be doing this.  There’s no down side.  You are changing the DNS server IP’s on your computer or home router to theirs (either Dyn or Google’s), which they will provide not only fast DNS lookups, but also filter the DNS results so you don’t end up on a bad website.  Similar to WOT, DynDNS will warn you first.  It also allows you to set custom settings with a free account if you are a parent and want to filter additional types of sites from all your computers.
• Bitlocker - Another “no reason not to do this” on laptops.  To me it justify’s the extra cost of Windows 7 Ultimate (or Enterprise) to have this feature, which will encrypt your disk drives to prevent data theft if you loose your laptop.  It helps me sleep at night knowing my data is still protected in case of theft.  Just search the Start menu for Bitlocker and copy the key to your smartphone, email, or print it for safe keeping in case you ever need it (usually don’t) to boot the computer.
• Nitro Reader - Outside the OS and the browser itself, the next likely security risks revolve around the browser add-in’s and some of the worst ones are Java and Adobe Acrobat Reader.  We can’t replace Java but we can ditch Acrobat Reader, and in the process get a better PDF program that does more for free then Reader.  Enter Nitro Reader.  Fast, modern interface with no ad-ware.  I recommend it to all my clients as a Acrobat Reader replacement (and upgrade) and so far everyone’s happy.
• Microsoft Security Essentials - Free forever anti-virus/malware.  Rumor has it that it’ll be included in Windows 8 (FINALLY anti-virus built into Windows).  It gets high ranks for quality of the engine, plus my favorite feature: it almost NEVER bugs you, and that’s what we all want in a anti-virus, an app that we never have to mess with.
• Secunia PSI - Do you ever wonder if you have any software on your computer that has known security issues?  Secunia PSI answers that question with a great tool that’s like a Windows Update for the rest of your apps. It scans your system and notifies you of software that has known security issues and a download link to the newest version to fix it.  I run it on my Windows systems monthly.  Only free for personal use.
• Backblaze (or Mozy or Carbonite) – I used Carbonite years ago, and I’ve used Mozy for some business systems, but Backblaze takes the cake for the best whole-computer online backup solution.  It even backs up USB drives, and provides a bonus feature similar to a LoJack for your PC.  You should always use an automated backup solution, and now-a-days it’s easiest to use an online backup solution, so why not go with the best-bang-for-your-buck with Backblaze.  Here’s hoping you’ll never need it.
• SugarSync (or dropbox or box) – I’ve used them for years to sync files between my multiple PC’s, as well as share files with co-workers or access my files when I don’t have my computer.  This is a sneaky way to get others who you share files with to keep those files you share backed up.  Plus, it prevents the need to always email files back and forth.

2nd Part: Virtualization for the Developer

Virtualization of PC’s for test and devlopment is not new, but some have still not taking the leap to this great solution.  Others maybe are using a tool that doesn’t meet there needs or could use some advice on managing their virtual systems, so lets start from the begining.

• Why?
  • You are likely developing for a OS different then the one you are on.
  • Test Microsoft products quickly (pre configured): search “vhd” at www.microsoft.com/downloads and more listed at www.microsoft.com/vhd.
  • Use browsers of other OS’s or run your web app on a real IIS Server.
  • Allow you to run multiple versions of Visual Studio, Office, etc.
  • Use snapshots to test software changes on test virtual machines’s.
• Getting Started
  • You should be running a 64-bit OS on your hardware (32-bit does work in some cases but is quite limited).  Not sure if you are 64bit?  Run msinfo32.exe and look for “system type” on the right and it hopefully says x64.  If it says x86 then sorry, you’re 32-bit.  There’s nothing to fear from reloading into x64.  It’s not the land-of-confusion it was 5 years ago.
  • Be sure your BIOS has virtualization enabled.  This Microsoft Virtual PC tutorial talks at length and gives you a tool to check, but basically there is a BIOS feature for your hardware to be “virtualization enhanced” that is often not enabled.  This is required for Hyper-V to work, and if not enabled VirtualBox will run much slower.
  • Terminology: The OS running directly on your hardware is called the “host” or “parent” and the virtual machine (VM) running inside the host is a “guest” or “child”.
• Your Virtualization Options
  • Virtual PC
    • Free. Not recommended for developers.  It only works with 32-bit guests and is only designed to run Windows XP/Vista/7.  Designed for end users with legacy apps.
  • VirtualBox
    • Free.  Open Source.  The best choice if your running Windows 7 and all you need in 95% of scenarios.  You might consider VMWare a paid upgrade to this in terms of advanced functionality but if you don’t know why you need VMWare, you likely don’t.
  • Hyper-V
    • The best choice if you are running Server 2008 R2 or Windows 8.
  • VMWare
    • A good product, but to get features comparable to Hyper-V or VirtualBox you have to pay, a lot.
• Virtualization File Formats
  • A virtual machine has 2 (or more) files associated with it.  The two you usually care about are the disk drive files and a configuration file.  Every virtualization software manufacture has their own standard for each (or more then one) and it can get quite confusing, especially if you want to download test pre-build images.  Stick with Microsoft’s .vhd.
  • Microsoft’s current standard (2011-12) is the .vhd disk format but with Windows 8 a new .vhdx format is emerging.  .vhd is used by lots of Microsoft products like the legacy Virtual Server 2005, Virtual PC, Hyper-V, and even Windows Backup.  If you want to keep things simple, always create your virtual machines using this .vhd format so they’ll work across any product (even VMWare and VirtualBox).
  • The configuration file stores hardware configuration such as number of CPU’s, RAM, how many drives, and NIC MAC addresses.  This file format is different in every product so usually you just recreate your settings if you swtich between, say, VirtualBox and Hyper-V.
• Which To Use
  • Running Windows Vista/7: VirtualBox
  • Running Server 2008 R2 or Windows 8: Hyper-V
• VM Management
  • Keep your .vhd’s (virtual hard drives) small.  Google “shrink vhd“, disable the Recycle Bin in VM’s, disable hibernate, use Spacesniffer to find large files and folders.
  • Keep your ISO’s and install files outside of the VM and use network shares or VirtualBox shared folders to access them.  Mount ISO’s from Hyper-V/VirtualBox rather then using inside the VM.
  • If you end up creating more then a few guest VM, learn how to use differencing disks (VirtualBox calls them immutable) to have one large source/root disk (use sysprep before making it read only) and then create new differencing disks on top of that for each VM you create.  For Server 2008 R2 this saves me 15GB of disk used per virtual machine.

To fix, disable Task sync for your Exchange account in settings.

If your Siri and Reminders looks like this then you’ve got this issue:

Once Exchange Tasks are no longer sync’ed, they should look like this:

Happy Reminding.

1. You can control if  you get an email or even require a pin sent to your cell phone if a “unrecognized computer/browser” tries to log in.
2. You can require a security question to get in on a new computer/browser, and as a backup it will ask you to correctly name 5 friends by picture if it doesn’t recognize your browser/computer.
3. Coolest: In helping a friend, I remotely logged in from his west-coast PC and then into his same account from my east-cost PC within minutes of each other.  Facebook DID NOT like that and told him on next logon to his west-coast FB that someone from Virginia Beach tried to log in with the correct password but couldn’t identify his friends by picture, so was denied until he approved it.

Yes this is cool tech, but still doesn’t control their overall bad decisions on how I’m opt’ed into new features without my awareness.

• If you decide to go virtual, Lync only supports Hyper-V R2 or ESX 4.0 platforms. Windows Server 2008 Hyper-V is NOT supported as “A number of enhancements that are critical for running virtualized Lync Server media workloads were implemented with Windows Server 2008 R2 to address network packet loss.”
• If you choose virtual. All roles in virtual must run on Windows Server 2008 R2 as the guest/child OS, citing more network optimizations.
• In general, all roles can be virtualized, except for the 3^rd party Survivable Branch hardware appliance (obviously).
• You need to decide physical or virtual on a per pool basis. Inside the pool, the roles on separate servers (physical or virtual) need to be of similar resources (hardware), as “Balanced end-to end-performance is required.”
• The exceptions to this rule, is you can always choose the Front End to be virtual and the DB backend to be physical in any scenario.
• Virtualization high availability features (Windows clustering, VMotion, Live Migration, etc.) are not a substitute for Lync’s built-in redundancy features inside its architecture (multiple front-end’s, SQL redundancy, etc.).
• Even in a small virtualized pool, the following are not recommended: shared networking port for host and guests, shared disk spindles for host and guests or for multiple guests, network connectivity less than 1GB, and dynamic disks.
• Disabling IPv6 on the host and guests will improve performance (although it doesn’t specify which technique to use for disabling. Is unchecking the box in Network Connection Properties enough even though it doesn’t completely disable IPv6?).
• Notes are included for enabling VMQ on Intel network adapters and other driver/reg modifications to improve performance.

Maybe it’s just me, or maybe I’ve not read other Microsoft server virtualization recommendation white papers… but this one was particularly detailed and full of real-word guidance for sizing virtual and physical machines, including what perfmon counters to use for baselining. Bravo Lync team. If only all server apps came with this level of detail.